Attention anyone running company payroll!
“Could you please change my direct deposit to the account number below asap? Thanks so much.” Signed, Company CEO. What would you do? What if I said, “Do nothing?”
In 2017, the FBI estimated scammers stole nearly $3.1 billion from over 22,000 individual companies. That’s only counting the ones reported, as many people were too ashamed to report the crime to authorities.
If you get an out-of-the-blue e-mail request that appears to come from someone in your organization (often they pose as a CEO, President, etc.) asking you to send an extra paycheck to their new bank account because there’s been a family emergency, stop. It’s almost certainly a scam.
Sadly, one of my clients didn’t stop. They did follow the e-mail request and made the change to the account. The money went directly into the hands of the scammer. Perfect crime. Check.
In this case, the employer felt this was an honest mistake and did not blame the employee. So, although embarrassed and angry, this employee remained employed.
Not the case for another employee in a Southwestern state who did not remain employed after the scam attack. In 2017, a grocery worker received an e-mail requesting W-2 information for all employees. The e-mail looked completely legit and came from a leader in the organization. It was the perfect scam. The criminal received exactly what they wanted. Personal data on 12,000 employees.
These scammers don’t like to take “no” for an answer, and they have many ways to approach their crimes and victims. I don’t have any foolproof advice to ensure they won’t scam us, but here are some tips to try and keep us one step ahead:
Review any fishy e-mail in great detail. You’ll almost always find something not quite right. Look at the e-mail address itself. These scammers are clever and use e-mail addresses that are close to those your company uses. Yet, often you will find one letter or number slightly off. Look for spelling errors in the subject line and/or body of the e-mail. My client noticed a lower case letter that the CEO would always capitalize. Notice words or phrases the person generally wouldn’t use. I once got one of these scams, and it started “Hey Christine” from our CEO. He would never say “Hey” in a million years. Immediate red flag.
Contact the person who supposedly sent the e-mail directly via a separate e-mail, or preferably a phone call to get direct confirmation. Don’t hit reply to the potential scam e-mail. I know that sounds like a duh – but it’s a habit we all do; trust me.
If you suspect you’ve been the victim of a scam, immediately notify your IT department. Sadly, the people doing these terrible things are pretty sophisticated. They are hard to track down. Even harder to stop. Regardless, making your IT department aware puts them on high alert for future scam attempts.
Process, process, process. Have a process in place for all payroll changes and requests. Meaning, a random e-mail should never trigger a pay change. I promise this will save a lot of headaches in the end.
The IRS is on high alert for these types of scams. If you have been a victim, notify them immediately at firstname.lastname@example.org
Stay aware, and don’t get scammed.