Payroll & HR Simplified
Contact - 573-474-8431
Schedule An Appointment Now

5 THINGS TO KNOW: What is a payroll diversion scam and how to spot it!

The Federal Bureau of Investigation gives information on the latest scam involving payroll and direct deposit.


1. What is payroll diversion fraud?

Payroll diversion is a type of direct deposit scam known as phishing. Payroll diversion happens when a scammer emails an organization’s payroll, finance, or human resources department as a way to get information. The email the scammer sends is meant to look like it came from an employee who updated their direct deposit information and is letting HR know.


2. How does it work?

Essentially, a direct deposit phishing email scam will look something like this:

A scammer contacts a payroll employee via a fake email address that appears to belong to someone within the same company.

The email will state how the routing information for an employee’s direct deposit paycheck needs to be updated. The body of the email will likely be short and to the point, but not obvious. It will probably be written in a friendly tone of voice to deceive the payroll employee into believing it’s actually from a legitimate employee.

If the scammer succeeds in getting the payroll employee to change the bank account and routing number, the deposits are transferred to an account owned by the scammers.


3. How can a company avoid it?

Improve the company’s overall attention to detail and make sure proper payroll procedures are always followed.

Establish a clearly communicated, step-by-step process for submitting and processing all payroll changes, and be sure that all relevant HR employees are properly trained on this procedure.

Do not allow any payroll change requests, even legitimate ones, to be initiated via a simple email or phone call. Require that any change to paycheck-related employee information be approved by more than one person before being processed.


4. What if I become a victim of the scam?

If you find yourself a victim of payroll diversion fraud, don’t beat yourself up—it can happen to anyone at any time. These scammers can be extremely clever with their tactics.

But if you do find yourself in this unfortunate situation, it’s crucial to take the proper steps in the aftermath of a scam. If you believe you’ve been a victim of payroll diversion fraud, you need to file a complaint with the FBI’s Internet Crime Complaint Center and contact your financial institution for a reversal.


5. What else can I do to protect myself?

Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.

Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.

Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.

Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.


Derrick James

Oct 6, 2022

McAlester News-Capital

Posted Date: 2023-03-27

« Return