Scammers have found a new way to take advantage of businesses, especially those with a large number of employees and locations. They are now impersonating legitimate employees and sending phishing emails to, or directly calling, HR and Payroll professionals to request a change to the employee’s bank account information. Once the change is made, the employee’s payroll is diverted to a fraudulent account.
To add some weight to the request, the emails will appear to come from an executive or President/CEO and may contain “name dropping” of senior management within the organization. It’s believed these tactics deter employees from questioning the credibility of the request.
To prevent payroll fraud, it’s critical to educate employees on safe email practices and protocols.
- Be cautious of requests for bank account changes that originate via email, especially if the email has a vague or urgent subject line.
- Validate bank account changes directly with your employee (e.g., in person, by calling the known contact number, or by instant message) before giving out any information or processing any changes.
- Require the employee to submit a written request with a “wet” signature.
As a general rule, it’s important to carefully vet all emails that contain links and attachments, and only click if you are confident the email is authentic. If you believe the email is suspicious, immediately contact your company’s IT team to report it.
If you’re a Merrimack customer and are concerned your personal or financial information was compromised, please call us directly at 603.225.2793.