Scammers are becoming more and more creative each and every day. Lately, it seems like every week a new scam comes out that can affect almost any organization. 

It’s important to constantly review procedures to prevent being taken advantage of by the scammers. We have recently heard about a new scam that involves direct deposit of employee paychecks. This gives all of us the opportunity to take another look at the best practices currently in place and what controls can be strengthened.

The Scenario

A scammer sends an email that appears to be from an employee’s email account to HR requesting a change to their direct deposit information. The HR administrator, believing the email to be authentic and from the employee, forwards the information to their payroll service provider. If the payroll department or service provider also believes the information to be authentic, they change the direct deposit and the scammer receives the payroll funds instead of the employee. The destination may be a fraudulent bank account or a prepaid debit card. Once the employer releases the funds to be directly deposited, there is little that can be done. The employer will lose the payroll funds, and, once the error is discovered, will have to re-issue the check to the employee. There is likely no recourse for recovering the funds taken by fraud.

Although many of us have heard about scenarios involving wire transfers, the purchase of gift cards and other requests from team members, this is the first time a scenario directly related to direct deposit has come to our attention. Thankfully, the payroll processing company flagged the account number as unusual and forced a cancellation of the direct deposit for the affected employee. For many service providers this extra level of security is not available due to a lack of resources.

What You Can Do:

In nearly all cases, the involved parties admit after the fact that something seemed “off” to them about the request. Often it is the wording in an email, and sometimes it is just a hunch, but it is important to follow up directly with the employee if you have any questions about the authenticity of a request. Below is a list of several key controls that are recommended to help catch fraudulent activity, but in the end, trust your instincts!

Here are a few controls directly related to this scenario:

• Require the use of specific forms to make any payroll-related changes.

• Require an original signature on the forms, not an electronic signature.

• Require an original copy of a voided check, not a photocopy or scanned copy.

• Be especially wary of direct deposit requests using online-only banks, credit card companies or other alternative institutions.

• Consider comparing the address on the voided check with the address on file for the employee and follow up with the employee on any discrepancy.

• Follow up requests for changes with a phone call or face-to-face contact with the specific employee to verify the change.

• Maintain a copy of the updated information in the employee’s personnel file.

• Review the change report that is generated by your payroll provider/service. This can be requested if you are not already receiving this information.

• Be sure that you know who is permitted to make changes to the payroll system and who is permitted to speak with any outside providers on the company’s behalf. This should be confirmed at least twice a year to ensure that there have not been any unauthorized changes.

Additional best practices to avoid fraudulent transactions:

• Always check the email address closely, both upon receipt and when replying to an email. Some emails appear legitimate when received, yet carry a reply address that routes your reply to a different mailbox than the one shown as the sender. You can avoid this by starting a fresh email to the address you know, rather than simply hitting “reply.”

• Be especially wary of email addresses and reply addresses when using your mobile phone – oftentimes the information is truncated or hidden in order to allow a simpler view on your mobile device.

• Pay attention to the wording of the email – many scammers will send emails that include misspellings, awkward phrases or misused terms. Most people write an email in language similar to what they use in conversation, which can be a good guide when questioning the tone of the email received.

• Be especially wary of urgent requests – many scammers try to make the process move as quickly as possible so that you do not take the time to question the transaction.

• Trust your instincts!
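The reply-address check and the urgency check above can be automated on the HR side before anyone acts on a request. The following is an added example, not code from the original post: it parses a constructed sample message with Python's standard `email` module and reports when the Reply-To address points somewhere other than the visible sender, when the sender is outside an assumed company domain, and when the request concerns a direct deposit change.

```python
"""Pre-screen a payroll-change email for the warning signs described above."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From looks like an internal employee, but
# Reply-To silently redirects the conversation to an outside mailbox.
SAMPLE_EMAIL = """\
From: "Jane Employee" <jane.employee@example-company.com>
Reply-To: jane.employee@example-webmail.invalid
To: hr@example-company.com
Subject: Urgent - update my direct deposit before Friday payroll

Hi, please switch my direct deposit to my new account ASAP. Thanks!
"""

COMPANY_DOMAIN = "example-company.com"  # assumed internal domain (placeholder)
URGENCY_WORDS = ("urgent", "asap", "immediately", "before")


def header_parts(msg, header):
    """Return (display_name, address, domain) for a header, or Nones if absent."""
    raw = msg.get(header)
    if not raw:
        return None, None, None
    name, addr = parseaddr(raw)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr.lower(), domain


def review_request(raw_email):
    """Return the list of findings an HR reviewer should see before acting."""
    msg = message_from_string(raw_email)
    findings = []
    _, from_addr, from_domain = header_parts(msg, "From")
    _, reply_addr, reply_domain = header_parts(msg, "Reply-To")
    # A Reply-To on a different domain means "reply" goes somewhere else.
    if reply_addr and reply_domain != from_domain:
        findings.append(f"reply-to mismatch: replies go to {reply_addr}, not {from_addr}")
    if from_domain != COMPANY_DOMAIN:
        findings.append(f"sender domain {from_domain} is not {COMPANY_DOMAIN}")
    text = ((msg.get("Subject") or "") + " " + msg.get_payload()).lower()
    if any(word in text for word in URGENCY_WORDS):
        findings.append("urgency language: slow down and verify")
    if "direct deposit" in text:
        findings.append("direct deposit change requested: confirm by phone or in person")
    return findings


if __name__ == "__main__":
    for finding in review_request(SAMPLE_EMAIL):
        print("-", finding)
```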

Scammers are always going to try to be one step ahead of us, so it’s important to remain vigilant. A few extra minutes taken up front to verify a request can save a great deal of time and money down the road.

In today’s ever-changing world, staying diligent is key. Want more helpful tips? Subscribe to our blog. Also, you can reach out to one of our Certified Fraud Examiners Edward Schmitz or Betsy Rice or complete the form below.
