Email scammers are defrauding businesses by targeting unsuspecting Human Resources professionals.
The FBI categorizes this type of fraud as business email compromise (BEC) or business email spoofing (BES). Last year, businesses lost $12.5 billion to fraud. The FBI says payroll email phishing is increasing.
How Do These Scams Work?
These schemes are effortless to carry out. The fraudster creates an email account under someone else’s name. They don’t need to penetrate security are hack into an email account. It’s also easy for hackers to automate the creation of thousands of an accounts in a few minutes.
Types of Payroll Phishing Emails
The most common phishing emails are designed to:
- Get direct deposit information so they can re-route paychecks to scammer-controlled bank account.
- Obtain W-2s so the scammer can file tax returns and receive tax refund under victim’s name.
- Initiate a wire transfer which is routed into a scammer-controlled bank account.
The FBI says the emails rarely have the incorrect spelling or grammar common to ‘Nigerian prince’ type scams.
Here is an example email from a fraudster posing as an employee:
To: Brittney Williams
Subject: Direct Deposit Update Request
Can you update my direct deposit? I just changed bank accounts. I would appreciate it before next payroll.
Some emails purport to come from the CEO or CFO. They are directed to HR personnel or accountants who initiate wire transfers.
Protect Your Employees
- Look closely at email addresses and compare with correct ones.
- Never answer an email on your mobile phone when you can only see the sender’s name without the email address.
- Use WorkforceHUB with an employee self-serve (ESS) portal so your employees can manage their own direct deposit information.
- Don’t publish names of HR team online.
- Update email spam filters to flag these types of emails.
How Do I Report A Scam Email?
- Non-tax related BEC/BES email scams should be reported to the FBI’s Internet Crime Complaint Center (IC3).
- If W-2 forms have been exposed, visit the IRS Form W-2/SSN Data Theft page for instructions.
- Report tax related phishing emails to mailto:firstname.lastname@example.org
TriCore offers WorkforceHUB, the unified Human Resources portal that makes it easy to optimize the performance of your managers, employees, and organization.
WorkforceHUB includes TimeWorksPlus, TimeSimplicity, TimeWorks Mobile, and ApplicantStack. We’ve just added recruitment, onboarding, benefits enrollment, performance reviews, and employee engagement! WorkforceHUB is designed for busy employers like you who need to reduce cost-per-hire, streamline scheduling, automate time tracking, maintain regulatory compliance, and reduce labor costs.
How much can you save? Check our TriCore ROI Calculator.
We can get you up and running with Workforce Management Suite in minutes. Contact us today to book a demo.