Email scam uses fake email addresses to redirect employees’ paychecks

Email scam uses fake email addresses to redirect employees’ paychecks

Here’s a new nightmare for your employees: They wait for payday to make their personal payments only to find their funds are missing from their bank account. The head of your payroll department reminds your employee of the email s/he sent instructing her to change his/her bank account. Their head starts spinning. What email? What bank account? Absolutely none of this sounds familiar! And suddenly, they realize they’ve been had.

The Scam

This cyberscam is playing out in offices across the nation. It goes like this: Scammers pose as employees using a realistic looking email address. The email will request a change in employee bank accounts, allowing the funds or information to go into a bogus account. All the while, the payroll head thinks they are doing the right thing by quickly fulfilling the employees’ request. The “perfect crime” is carried out the following payroll.

Protecting Yourself

Business Email Compromise may sound like a simple crime, but it’s actually quite sophisticated. Scammers have not only created a fraudulent domain that mirrors the intended victim employee, but they’ve done their research into who’s inside the accounting department and who can initiate bank account changes. In other words, they are deep into your company by the time you realize they’re there. Making matters worse, if the fraud is not discovered in time, money is nearly impossible to recover, thanks to the scammers’ use of laundering techniques and associates around the world who drain the funds almost immediately after they are deposited. It’s a complicated network that is nearly impossible to trace. You need to be on your toes.

Here’s what we recommend:

      1. Warn your employees about scams and train them to identify and report potential frauds.
      2. Consider having employees fill out, sign and physically turn in a direct deposit authorization form every time they want to switch bank accounts.
      3. Work with your IT team to create an intrusion detection system that will flag incoming emails from domains that are similar to your company’s, but just slightly off. For example,, we’d want to flag,, and so on.
      4. Also work with your IT team to develop a flagging system for emails in which the “reply to” email address is different than the “from” email address.
      5. Require two-factor authentication in the company, such as having a second person sign-off on bank account changes. This will increase the odds that someone in your office gets a hunch that something is off.
      6. Require that your employees speak with you personally, face-to-face or via phone call, to confirm email requests for bank account changes, transfers of funds or sensitive information.
      7. Consider revising (and communicating) company policy to explicitly prohibit the request of funds or personal information via email. That way, if a fraudulent email does arrive, your employees will know right away to trash it.


Cleaning up the mess

If you do fall victim to Business Email Compromise, take the following steps QUICKLY:

      1. Call your payroll provider and/or bank immediately upon discovering the transfer of funds. Report the fraudulent transfer, and request that they contact the bank where the money was sent.
      2. Notify your local police department and your local FBI office. Together with the U.S. Treasury Financial Crimes Enforcement Network, they may be able to freeze the funds.
      3. File a complaint with the FBI’s Internet Crime Complaint Center at, regardless of the dollar amount sent.
      4. Begin taking steps immediately to prevent another phishing attack.

Cyberthreats take on many forms these days. Do not let one email set your company back. Educate yourself, and take every precaution necessary to avoid a financial and logistical disaster.

Payroll Partners is committed to helping clients stay informed about payroll and human resource news, developments and current events. This article is intended to provide readers with general information on human resources matters. The article does not constitute, and should not be treated as professional advice regarding the use of any particular human resources practice. All efforts have been made to assure the accuracy of the information. Payroll Partners does not assume responsibility for any individual’s reliance upon the information provided in the article. Readers should independently verify all information before applying it to a particular fact situation, and should independently determine the impact of any particular human resources practice. If you are seeking human resources advice, you are encouraged to consult a human resources professional.