How to protect your company from payroll fraud and internet crime

How to protect your company from payroll fraud and internet crime


Picture this: you receive an email from someone you work with that you know and trust, maybe an executive of your company or perhaps someone in the finance department, outlining an urgent issue that needs to be solved. The email instructs you to open an attached document for further details, and since nothing really seems to be out of the norm, you go ahead and open the attachment.

Unbeknownst to you, a hacker may have just infiltrated your computer—and within minutes, they’ll have access not only to all of the files on your computer, but all of the files on every other computer that’s connected to the same network as well. This means that a hacker could potentially break into every computer in your entire company—stealing Social Security numbers, payroll data, proprietary information, etc.—and they could do it quite easily.

Unfortunately, this nightmare becomes a stark reality all too often. In an effort to safeguard your company from hackers, payroll fraud, internet crime, and the like, it’s important to know how to identify the signs of a cyber security attack and how to effectively respond.

Identifying a phishing attempt in your email

While there are a variety of methods scammers use to infiltrate company computers and steal information, there are two common methods hackers use within email that you need to be aware of: Business Email Compromise (BEC) and The Imposter. Both of these methods are hard-to-detect, but taking proper precautions—like securing all devices with passwords, keeping systems updated and patched, and utilizing updated antivirus tools—will go a long way in protecting your business.

Business Email Compromise hacking method

Because payroll is a lucrative target for hackers, for obvious reasons, many scammers attempt to access or change company payroll data. When using the BEC method, hackers will set up a generic email account, like Gmail or Outlook, using the name of a company executive or high-ranking employee. They’ll do extensive research on the person they’re impersonating and will email a payroll provider or someone in finance who works with the company’s payroll asking that their direct deposit account be changed for the next payroll. The hacker will do everything they can to make the sender look legitimate (and they often pass as “the real thing”) and the email will be very well-written.

So how do you limit your vulnerability?

One of the most effective ways to detect this hack before it happens is to rely on human interaction to verify the details of the request. Don’t respond to the email that was sent—and certainly don’t download any attachments or click any links within the email itself. Instead, go straight to the source. Contact the person the email “came from” by phone or in-person to ensure it really was them making the request, not a hacker.

Additionally, you can protect yourself from BEC hackers by:

  • Using multi-factor authentication for employee self-service platforms

  • Securing social media pages so it’s not obvious when executives or employees are out of town and unreachable by staff

  • Implementing email security measures to monitor email conventions; look for “reply” addresses that are different from the “from” address—this is a common method used by hackers

  • Validating new direct deposit information by sending an ACH pre-note to the financial institution and issuing a live check for the first payroll after the change is made

  • Watching for similar strategies, such as vendor impersonation requesting an urgent wire payment

Protecting yourself from Imposter Method attempts

Another popular scam, along the same lines of the BEC method, is accessing payroll by impersonating a business owner that needs to get set up with a payroll processing service. The fraudster will email or complete an online form requesting information about getting started with payroll; they’ll use the correct terminology to make it difficult for the recipient to discern the legitimacy of the request.

But again, there will be red flags along the way you can pick up on to help you avoid being scammed by this technique. Frequently, the details of these requests are consistent: the business is often brand new, on a weekly payroll schedule, and always pressed for time. These types of scam requests usually:

  • Are urgent, rushing to circumvent existing cyber security safeguards

  • Require pay cards for employee payouts

  • Have employees in different states across the country

  • Have a business location in a state different from the payroll provider they are requesting services from

  • Use personal bank accounts rather than a business account

  • Boast high salaries, all things considered, for a weekly payroll schedule

What you can do to lessen your vulnerability to payroll fraud and internet crime

Businesses are a worthwhile target for hackers because they have a much larger cash flow than the average person, so the threat of internet crime is constant and the vulnerabilities are numerous. To help lesson your liability to payroll fraud and internet crime, consider implementing the following company policies and practices:

  • Draft a Written Information Security Plan (WISP) that all employees are required to agree and adhere to

  • Store backup servers off-site

  • Install and utilize a trusted Anti-Virus application that can protect you against viruses as well as email attachments that frequently contain viruses

  • Block websites that are not work-related, such as personal email, social media, gambling sites, ecommerce sites, etc.

  • Perform regular browser history audits on internal communications

  • Implement a cyber security training program to help employees identify potential phishing/hacking attempts

  • Password protect your software applications using strong passwords, changing them regularly, and making sure you don’t use the same password for multiple websites/softwares/etc.

  • Don’t open emails or attachments from unknown senders

  • Never enter login credentials for a banking site or financial institution from an email link or attachment. Instead, use your bookmarks or search for the site online

  • Instruct customers/clients/employees to call you if they receive a suspicious email that appears to be from you

Limiting your vulnerabilities to internet crime is a great first step in safeguarding your business, but take it a step further by developing a step-by-step plan for how you’re going to handle a cyber security attack or hack.

What to do if you receive a scam email or hack

The thought of dealing with a scammer or hacker can be overwhelming at best, but following a few simple steps in the event of a potential hack will go a long way in addressing the issue and mitigating effects.

  1. Rely on human interactions to verify the request as legitimate; don’t use email to do this—pick up the phone at the very least.

  2. Capture the IP address on the request and do a reverse lookup to reveal any mismatch in location.

  3. Report it to the FBI’s Crime Complaint Center or the IRS.

Remember: when it comes to cyber security, it’s better to be safe than sorry—especially around tax season. According to IBM, there’s typically an increase in hacking attempts using a Trojan virus around tax time, as more money starts moving in the economy. The Trojan virus is delivered, again, via a professionally-worded request from an email address that spoofs a legitimate business or person; once the addressee opens the attachment, the malware is downloaded and can steal remote desktop and banking credentials from the computer and any others on the same network. These types of attacks can target both personal and business email addresses, so it’s important to always keep cyber security best practices top-of-mind when you receive a seemingly out-of-the-blue request or email from a company or person.

To learn more about ongoing cyber security schemes and prevention tips, download our whitepaper on Understanding and Preparing for Internet Crimes and Payroll Fraud!


About the Author

Jan Walker has over 20 years’ experience in enterprise software sales and marketing across numerous disciplines, including CRM, Payroll, VoIP, Cost Modeling, Demand Planning and Forecasting. She is currently an Account Manager with payroll software developer CyberPay. Connect with her and CyberPay on LinkedIn.