One of the newest cyber crimes is being perpetuated against both employees and their employers, not just here in Crestview, but all over the country. I recently learned of this scam when one of my friend's business was a victim. The human resources department receives an email from an employee requesting a change in the routing and bank account information for their direct payroll deposit. This information is passed along to the payroll department to make the needed changes.
As in the spoofing of telephone numbers, these emails look as though they came from the actual employee. In some cases these phony emails have the same email address as the company so they look like a legitimate company email. However, just as phone numbers can be spoofed, so can email addresses. Most of the time, it is much easier for the perpetrator to sign up for an email account with Gmail, Mail or other free email service and use the employee's name, such as JohnEmployee@gmail. Since there is generally no verification required for this type of change, the information is processed and the next payroll check goes to the thieves rather than the employee. The employee has no knowledge of this change and is perplexed when they don't receive their payroll deposit.
Because this involves payroll and the employee didn't really initiate the email, the employer is liable for their employee's wages. This hits the company in the pocketbook, and the employee may have to wait for several days to receive their stolen compensation. Employers are urged to contact their banks to find out where the stolen money was sent, but in many cases the deposits were either sent offshore, or once deposited, immediately withdrawn. The FBI should be contacted should you face a situation such as this scam.
Smaller companies may not require more than an email to change direct deposit options and are therefore vulnerable. My advice would be to physically have a payroll employee or the employee's direct supervisor go and ask the employee if they requested their payroll information changed. This will save many headaches.
Most large companies do not have the time nor employees to make these types of changes, therefore the employees are required to make them. For instance, my husband's company requires the employee go into the secure payroll portal and change this information. Requiring employees to do this change stops payroll fraud, as no one but the employee can change their direct deposit information.
Stay safe and keep your payroll check and your employer safe from thieves.
Janice Lynn Crose, a former accountant, lives in Crestview with her husband, Jim; her two rescue collies, Shane and Jasmine; and two cats, Kathryn and Prince Valiant.
This article originally appeared on Crestview News Bulletin: Employers, be wary of latest payroll scam