Don’t Get Your Money Stolen: How to Protect Your Company from Payroll Fraud

How scammers attack your payroll

Scammers use powerful psychological techniques like social engineering to manipulate victims to take action immediately. 

Payroll fraud is just one of the recent additions to the tricks up their sleeves. According to The Wall Street Journal’s report about email scams, there were 23,775 scam complaints filed with the FBI last 2019, with an estimated annual loss of around $1.7 billion.

Scammers pull this off by sending fake emails to unsuspecting employees. They pretend to be someone with authority within the company like the payroll department, HR team, or the boss. This makes the employee more inclined to follow their requests. 

The scammers will urge the employee to change their bank accounts or wire their money to another bank account. 

So how exactly do they pull this off? Here are some of the most common ways scammers attack your payroll:

They do targeted attacks instead of mass-produced ones.

Payroll fraud attackers select their potential victim carefully and they gather not only their corporate details but personal ones as well.

They even track their social media accounts to know when they’re on vacation so they can tailor their message based on that information.

They impersonate an employee making victims think they’re actually talking to a colleague.

If they don’t use regular public domains like @gmail.com, they will create an email domain that mimics a company’s official email domain.

They will also attempt to sound like how the impersonated employee usually does in an email:

Howdy, Payroll!

Heyyy how are you? I have switched to another bank and would like to update my deposit information. Please do the needful.

In this example, hackers have studied and used the employee’s distinct greeting and choice of words.

They urge you to act immediately.

Their emails usually come with subject lines like “Urgent payroll request” or something that pushes you to take immediate action.

They may also indicate in the email body that it’s an emergency or that there is a consequence if this is not acted upon right away.

If you take time to think before acting, you are more likely to notice that something is off. That’s why hackers want you to hurry, sometimes, even panic.

What to do if you spot a possible payroll scam

Email communication is one of the most common ways employees coordinate with one another, especially when a significant number of them are working remotely. That’s why payroll fraud through email phishing is one of the favorite routes cybercriminals take. 

Here are specific actions that you can take if you spot a possible payroll scam:

Do not respond.

The simplest yet perhaps the best course of action is to leave the email unreplied.

The hackers will probably move on to another target or make another attempt soon. Hopefully, you’re still careful the next time around.

Contact the employee to verify.

Look up the employee’s email address listed in your company database and send a separate message to confirm the request.

If possible, set up a quick video call through secure tools like Google Meet to see and hear the request from the employee themself.

Report to IT staff immediately.

Inform your IT staff so they can block these hackers and conduct further security checks.

If you don’t have an in-house IT staff and would like to partner with highly-trained IT experts as soon as possible, contact a managed service provider (MSP) like ER Tech Pros.

MSPs can monitor your entire system and install the necessary detection tools to each of your devices to protect your business from multiple kinds of cyberattacks.

How to prevent payroll attacks

Being mindful with every single email you come across will come a long way. You can further reduce the risks of payroll attacks by taking the following steps:

Increase employee awareness. 

Your employees play an important role in combating these threats. Educate your employees about the different kinds of risks that can lurk in their inboxes. If you can, have your IT service provider conduct seminars to increase your employees’ cybersecurity awareness.

The whole organization needs to understand why it’s important to have proper email etiquette and be vigilant even when they’re corresponding with their closest coworkers.

It should be emphasized that everyone in the organization has a responsibility to protect the company. After all, if the company falls victim to scammers, everyone will be affected.

Implement multi-factor authentication (MFA).

If cybercriminals are eyeing your payroll department, that means more kinds of attacks are possible in the future.

MFA is a simple but highly effective tool used to add an extra layer of security that can potentially block 99% of payroll fraud attempts.

Coordinate with a certified MFA technology seller if you’re serious in boosting the security of your business.

Related Article: What is MFA and How Can It Protect Your Practice?

Update your anti-malware tools regularly.

Payroll frauds, as well as other types of cyberattacks, are constantly evolving. Keep your tools up to date so they can detect the newest security threats.

It can be quite tempting to close those pesky update notifications and get on with whatever you want to do on your computer, but these updates fix bugs and add enhancements to your existing software programs. So it’s important to encourage everyone in your organization to avoid skipping them.

Upgrade your free email service to a more secure one.

We all want to save money, and email service providers like Gmail have helped small businesses with their free version.

However, upgrading your email service to a more secure version gives you long-term benefits. A boost in security against breaches and other cyberthreats is an obvious one. You’ll also enjoy additional email tools and a larger (or even unlimited!) storage capacity.

You’re probably already using Gmail and other tools in G Suite like Google Docs , Sheets , Slides , and Forms. If you’re considering an upgrade, get a discount by upgrading through a certified G Suite partner.

How we can help improve your payroll security and protect your money

Cybercriminals are constantly changing and improving their fraudulent techniques. Meanwhile, companies are having a shortage of IT experts capable of keeping them away.

By learning how to spot possible attacks and following the tips presented, you’ll be able to mitigate the majority of the attacks that can harm your business.

If you need to tighten your IT security, reach out to us immediately so we can evaluate your IT infrastructure and determine what needs to be done.

Related Article: How Gift Card Scams Work and How to Avoid Being a Victim

Make sure that you’re always steps ahead of cyberthreats.