STPS

How to Avoid Payroll Scam

All businesses should be out on the lookout for payroll scams. It doesn’t matter how big or small your business is, you are still a potential victim that scammers can pounce on at any moment. No company is immune to scams. These scams can negatively affect your company’s profitability. Below is a common scam that you should look out for and how to avoid it.

Phishing/payroll diversion fraud:

Yes, phishing. Not fishing, where you go on a trip with your buddies and end up sitting on a boat for hours, getting sunburnt. Then the only thing you catch is a tire and then you need to cut your perfectly new fishing pole line. Oh wait, that happened to me. Phishing, not fishing. They sound the same out loud but no, phishing is so much more dangerous even though having a sunburn for days is pretty harmful. Where were we? Oh, phishing. Right. 

Phishing is when a cybercriminal or a scammer emails a company’s payroll practitioner or HR department pretending to be an employee. The email will normally include the employee asking to change their banking or direct deposit information. They might even try to get you to “update your personal information.” Or they would get you to click on a link that hacks into your account or others’ accounts.

The scammers are hard to spot as they make sure the email looks very legit by making it almost match the actual employee’s email connected to the company. They even go to the lengths of making the email signature the same. Even the links they provide in the email will look familiar to a link you might have clicked on before. These are all part of their tactics to get you to click on the link and give them the information that they need.

Common email subject lines scammers would use would be; “Payroll,” “Urgent Payroll Request!!,” Re: (Employee Name).” Watch out for those subject lines and email addresses closely so you won’t get scammed.

Example of a phishing email:

Who is most at risk?

Small businesses, non-profits, and individual employees are the most at risk of getting scammed. When it comes to direct deposit phishing scams, scammers target familiarity and workplace trust. That normally means smaller businesses.

Normally, simple email addresses such as gmail accounts are easier to use to scam people because at a glance they look very real. So if the email is written well and with a name that is recognizable, people are more likely to believe it. Since these smaller businesses, non-profits, and individual employees are more trusting, they are an easier target, that will be less likely to think twice about if the email is safe or not. 

How to avoid getting scammed:

The first thing you should do when it comes to avoiding getting scammed is to educate everyone in your business about scamming. Alert them about what suspicious emails would look like and make sure they don’t send personal or banking information over email. Maybe even make them read this article so they have all the information they need. You could even send out a fake test scam email to see if anyone fails the test and clicks on a link that would have gotten them hacked. 

Improve the company’s attention to detail. Have a step-by-step process for submitting payroll changes. Maybe even make a rule to not do payroll changes through email. Require employee information only to be changed in person or approved by the person twice.

Keeping your employees in check may take time but it will be worth the investment to prevent being scammed and avoid potential damage to the company and its finances.

Multi-factor Authentication, review domain URL in emails, check for misspellings in domain name and hyperlinks, don’t provide personal information via email, urge employees to regularly review personal financial accounts for irregularities, keep software updated, always verify email addresses, and update settings to show full email addresses. There are more details on these suggestions on the FBI website.

Personal stories of almost getting scammed:

Personally, I almost got scammed. I was not in a company, but I was buying something off of Facebook Marketplace and someone agreed to sell me something for $800. I got sent an email to pay that $800 through PayPal. Thank goodness my friend pointed out to me that the email address was a few letters off of the real PayPal email address. I almost got scammed out of $800. I know that isn’t as bad as the scam I told you about that could happen to you and your company but, you should also personally look out for yourself when buying things online.

Another time I almost got scammed was on LinkedIn. I applied for a job and I had an interview over text. Yes, TEXT! I thought it was a little weird but I went with it. The interviewer told me I got the job after the interview. He also said that he would send me an email for me to fill out my information to start the job. The email contained forms that included me needing to write down all of my personal and banking information. I knew it was a scam from there but I decided to ask if I could have a Zoom call with the company before signing the paperwork and the person said that I needed to fill out the paperwork first. When I asked again they vanished into thin air because they knew that they weren’t going to get me to sign the paperwork first.

Enough about me.

Bottom line:

I know getting scammed can be frightening because they are almost impossible to see sometimes. If you educate your employees and make sure they follow the proper procedures that the FBI recommends, you should be less likely to get scammed. You will feel safer and you wouldn’t have to worry as much about scammers affecting your finances negatively within your business.

Written by Tessa Braybrook

Tessa joined Superior Trucking Payroll Service in September 2022. She loves to write and make videos which made her a great asset to the team in her marketing position. 

Before working at Superior Trucking Payroll Service she worked in IT at GVSU which gave her the skills to problem-solve with customers over the phone. 

Contact Us!