B2B Payments

Hackers Targeting Payroll Direct Deposit

Of all of the scams targeting corporates, another one is landing on their radar.

In an article penned for JD Supra by law firm Ogletree, Deakins, Nash, Smoak & Stewart, P.C., experts warned of a type of payroll scam that sees fraudsters diverting direct deposits from employee accounts to criminal accounts.

According to the firm, fraudsters use a phishing scam by sending an email from an address similar to a legitimate company account. The email requests that an employee answer a brief survey then hit “confirm,” then directs them to enter their credentials in an online form to confirm their identity. Those credentials are then used to access payroll portals and redirect payroll funds into fraudulent accounts.

“The threat actors are doing substantial due diligence on the social engineering side of things,” the firm wrote, “and these emails look real. In many circumstances, they are effectively spoofing the sender’s account, and employers are learning of the scam when employees begin reporting that they did not receive their direct deposits. By then, the damage has been done.”

Ogletree Deakins warned that not only does this scam result in lost funds, but it is ultimately a data breach, with scammers gaining access to corporate systems and data. The report also noted that scammers are targeting all types of businesses using all types of payroll providers.

Payroll is often an unexpected target of fraud and cybercrime, both external and internal. Employees may set up a fake payroll account for an employee that doesn’t exist or reroute payroll funds into incorrect accounts.

Last year, reports from Bloomberg BNA highlighted the rising threat of cybercrime against payroll, noting that updated technologies and changing regulations are placing greater emphasis on the security of payroll, employee and company data.

“Countries are coming out with more stringent regulations around use of personal data and where it can be located and for what purposes,” explained Kira Rubiano, partner at global payroll service firm Celergo LLC, in an interview with Bloomberg BNA at the time.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.