document.addEventListener(\'DOMContentLoaded\', function(event){ if (window.location.hash) { // Start at top of page window.scrollTo(0, 0); // Prevent default scroll to anchor by hiding the target element var db_hash_elem = document.getElementById(window.location.hash.substring(1)); window.db_location_hash_style = db_hash_elem.style.display; db_hash_elem.style.display = \'none\'; // After a short delay, display the element and scroll to it jQuery(function($){ setTimeout(function(){ $(window.location.hash).css(\'display\', window.db_location_hash_style); et_pb_smooth_scroll($(window.location.hash), false, 800); }, 700); }); } });

payroll phishing scams Robbinsville

Email scammers are defrauding businesses by targeting unsuspecting Human Resources professionals. 

The FBI categorizes this type of fraud as business email compromise (BEC) or business email spoofing (BES). Last year, businesses lost $12.5 billion to fraud. The FBI says payroll email phishing is increasing.

How Do These Scams Work?

These schemes are effortless to carry out. The fraudster creates an email account under someone else’s name. They don’t need to penetrate security are hack into an email account. It’s also easy for hackers to automate the creation of thousands of an accounts in a few minutes.

Types of Payroll Phishing Emails

The most common phishing emails are designed to:

  • Get direct deposit information so they can re-route paychecks to scammer-controlled bank account.
  • Obtain W-2s so the scammer can file tax returns and receive tax refund under victim’s name.
  • Initiate a wire transfer which is routed into a scammer-controlled bank account.

The FBI says the emails rarely have the incorrect spelling or grammar common to ‘Nigerian prince’ type scams.

Here is an example email from a fraudster posing as an employee:

To: Brittney Williams

Subject: Direct Deposit Update Request

Brittney,

Can you update my direct deposit? I just changed bank accounts. I would appreciate it before next payroll.

Thanks!

Some emails purport to come from the CEO or CFO. They are directed to HR personnel or accountants who initiate wire transfers.

Protect Your Employees

  1. Look closely at email addresses and compare with correct ones.
  2. Never answer an email on your mobile phone when you can only see the sender’s name without the email address.
  3. Use WorkforceHUB with an employee self-serve (ESS) portal so your employees can manage their own direct deposit information.
  4. Don’t publish names of HR team online.
  5. Update email spam filters to flag these types of emails.

How Do I Report A Scam Email?

Contact TriCore for information regarding WorkforceHUB™UPGRADE TODAY

TriCore offers WorkforceHUB, the unified Human Resources portal that makes it easy to optimize the performance of your managers, employees, and organization.

WorkforceHUB includes TimeWorksPlus, TimeSimplicity, TimeWorks Mobile, and ApplicantStack. We’ve just added recruitment, onboarding, benefits enrollment, performance reviews, and employee engagement! WorkforceHUB is designed for busy employers like you who need to reduce cost-per-hire, streamline scheduling, automate time tracking, maintain regulatory compliance, and reduce labor costs.

How much can you save? Check our TriCore ROI Calculator.

We can get you up and running with Workforce Management Suite in minutes. Contact us today to book a demo.

ArticleID 8190