Email scammers are defrauding companies by targeting unsuspecting Human Resources professionals.
The FBI categorizes this type of fraud as business email compromise (BEC) or business email spoofing (BES). Last year, businesses lost $12.5 billion to fraud. The FBI says payroll email phishing is increasing.
How Do These Scams Work?
These schemes are easy to carry out. The fraudster creates an email account under someone else’s name. They don’t need to penetrate security are hack into an email account. It’s also easy for hackers to automate the creation of thousands of an accounts in a few minutes.
Types of Payroll Phishing Emails
The most common phishing emails are engineered to:
- Get direct deposit information so they can re-route paychecks to scammer-controlled bank account.
- Obtain W-2s so the scammer can file tax returns and receive tax refund under victim’s name.
- Initiate a wire transfer which is routed into a scammer-controlled bank account.
The FBI says the emails rarely have the incorrect spelling or grammar common to ‘Nigerian prince’ type scams.
Here is an example email from a fraudster posing as a staff member:
To: Brittney Williams
Subject: Direct Deposit Update Request
Can you update my direct deposit? I just changed bank accounts. I would appreciate it before next payroll.
Some emails purport to come from the CEO or CFO. They are directed to HR personnel or accountants who initiate wire transfers.
Protect Your Employees
- Look closely at email addresses and compare with correct ones.
- Never answer an email on your mobile phone when you can only see the sender’s name without the email address.
- Use WorkforceHub with an employee self-serve (ESS) portal so your staff members can manage their own direct deposit information.
- Don’t publish names of HR personnel online.
- Update email spam filters to flag these types of emails.
How Do I Report A Scam Email?
- Non-tax related BEC/BES email scams should be reported to the FBI’s Internet Crime Complaint Center (IC3).
- If W-2 forms have been exposed, visit the IRS Form W-2/SSN Data Theft page for instructions.
- Report tax related phishing emails to mailto:firstname.lastname@example.org
Swipeclock offers WorkforceHub, the Human Resources Management System (HRMS) that makes it easy to optimize the performance of your managers, employees, and business operations.
WorkforceHub includes TimeWorksPlus, TimeSimplicity, TimeWorks Mobile, and ApplicantStack. We’ve just added applicant tracking, onboarding, benefits enrollment, performance reviews, and employee engagement! WorkforceHub was created for busy employers like you who need to reduce cost-per-hire, streamline scheduling, automate time tracking, maintain regulatory compliance, and decrease labor costs.
We can get you up and running with WorkforceHub immediately. Contact us today to request a demo.
Or are you interested in becoming a reseller? Check out the Swipeclock partner advantage now.
- Why a Facial Recognition Time Clock is Essential for Small Business - June 8, 2021
- How a Time Card Goof-up Can Cost You $30,000 - October 13, 2020
- Solutions To 7 Frustrating Employee Scheduling Problems - September 4, 2020