Updated: May 31, 2019
We all know that fraud is in the world and each and every day someone finds a new way to commit fraud and target a new group. As a business owner and employer, you and your employees could be the target of the newest fraud scheme.
Fraudster’s are targeting those who run payroll this could be you yourself, your payroll practitioner, or whomever is helping you to complete this role by email. An email is being sent from what appears to be an existing employee who is requesting that their banking information needs to be updated to a new account number. Often the email is coming from the employee’s email address. The employee’s pay is redirected to the “new” fraudulent bank account, as soon as the pay is deposited into the fraudulent bank account it is then withdrawn by the fraudster and often before the affected employee is even aware that they have not received their pay.
Here are some simple ways to change your internal controls so that you can protect your business and your employees:
Confirm with the employee that they wish to have their account changed.
This could be by phone, or in person have some who has a good relationship with the employee (i.e., office manger) to talk to them and verify that the request was made by them.
If it doesn’t work for your organization to have the office manager do this task, the best case scenario where the payroll practitioner doesn’t know the employee, is to confirm one or two other pieces of information like, their previous bank account, date of birth, Social Insurance Number (SSN in the US), etc.
We also like to have a void cheque or direct deposit form showing the employees name/address when possible.
Other payroll practitioners and providers, like ADP, have (or will be) making changes similar to what we've outline here. Thanks to ADP for bringing this potential threat to our attention.
And if you prefer digesting information via video, here's a link to the video we published on this topic: