Why HR Should Watch for Payroll and Direct Deposit Scams

Posted by BAS - 18 December, 2025


Payroll and direct deposit scams continue to rise, and HR teams are often the primary targets. Cybercriminals know that HR handles sensitive employee data and processes banking changes, which makes the department a key point of attack. Understanding how these schemes work can help HR administrators prevent fraud before it occurs.

How the Scam Works

A common tactic involves an attacker posing as an employee and requesting an urgent change to their direct deposit information. The request may come by email or text message, sometimes from a spoofed domain that looks identical to your organization’s address. Once the change is processed, the next paycheck is routed to the scammer’s account instead of the employee’s.

Red Flags HR Should Watch For

Be alert for these warning signs:

  • Requests to change bank account information through email or text rather than the usual HR system or secure process.
  • Messages written with unusual wording, tone or formatting that does not match the employee’s typical communication style.
  • Urgent or pressured requests, especially those sent after hours.
  • Email addresses that are close to the employee’s name but slightly altered.
  • A request to bypass standard procedures because of an emergency.

Verification Steps HR Should Always Follow

To reduce risk, HR teams should adopt and consistently apply a verification process for payroll and banking changes. Recommended steps include:

  • Require employees to make all direct deposit updates through the secure HR or payroll system when possible.
  • If a request arrives by email, confirm the change directly with the employee using a known phone number or in person. Do not use any phone number included in the suspicious message.
  • Confirm all changes in writing through the secure system once the employee has been verified.
  • Document when and how the request was validated.
  • Report any suspicious activity to IT or your security team immediately.

Why This Matters for HR

Even a single fraudulent change can lead to lost wages for the employee, financial complications for the organization and potential liability concerns. By maintaining careful verification practices and watching for red flags, HR can significantly reduce the risk of payroll fraud.



This article is for informational purposes only and is not intended as legal, tax, or benefits advice. Readers should not rely on this information for taking (or not taking) any action relating to employment, compliance, or benefits. Always consult with a qualified professional before making decisions based on this content.
