Sonora, CA…There has been an uptick in phishing emails involving payroll direct deposit, primarily targeting businesses and companies by rerouting an employee’s paycheck by direct deposit. The emails generally impersonate a real company employee, and are sent to payroll or human resources personnel. The email asks the payroll or HR department to change the employee’s deposit for payroll purposes and provides a new bank account and routing number which, of course, leads to a bogus account operated by the scammer. This request may not seem out of the ordinary as the scammer uses an actual employee whether it be a new hire or a retiree. By the time the deception has been discovered, the employee has lost one or two payroll deposits leaving the company responsible in replacing the monetary loss.
The fake emails are usually well written, cordial and lack the misspellings, grammar mistakes and exclamation points that would trigger many popular email filters that search for spam or phishing attempts. The scammers may even spoof the forms used by the company when making these requests.
The spoofing doesn’t require the criminal to hack into anyone’s email account, as it often does with bigger ticket wire fraud. The scammers generate the fake emails with free services like Gmail and they can simply open a new email account and fill in the employee’s name, which allows them to get around tools meant to detect hacking attempts on employee email. Employees may not notice, either because they are working quickly and they don’t notice the full email address, or they are working on a mobile device where only the person’s name is displayed in the “from” field.
We recommend making a phone call to the employee or meeting with them in person to verify the request before processing the change. It is also best to avoid using your personal email when sending messages to staff.
If you receive one of these emails, here’s what to do:
•Forward non-tax related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.
•If you receive tax-related phishing emails, forward those to phishing@irs.gov. IRS cybersecurity professionals monitor this account, and this reporting process also enables the IRS and its Security Summit partners to identify trends and issue warnings.
•If you are an employer impacted by the form W-2 scam, forward the email to dataloss@irs.gov. There is a process employers that can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. If you are an employer who received a form W-2 scam email but was not impacted (meaning you didn’t click or respond), forward the email to phishing@irs.gov.