Scammers are getting increasingly clever with their tricks to deceive and subvert your business systems. Make sure to alert your HR team to a common scam making the rounds.
In this scam, the criminal creates an email address that makes a message look like it comes from one of your employees, then sends your HR department a request to update that employee's bank account details so that their paychecks are direct deposited to the new account. But hold on! Don’t update that information until you verify the request came from the actual employee.
Here are tips to avoid falling victim to this scam:
1. If you have a self-service portal for your payroll system, we strongly advise that you put the power in employees’ hands to make these changes on their own. Make sure that employees can turn on two-factor authentication. Direct your employees to update their direct deposit through the self-service portal.
2. Never update anyone’s direct deposit information simply from an email. Most companies use a direct deposit form and verify identity through other means, such as voice verification.
3. If you suspect a breach, take action immediately. Retrace your steps and determine what actions have been taken. Contact the employee to confirm which account they want to use for their direct deposit.
4. If a breach has occurred, alert the authorities and file a police report immediately. Provide as much detail as you possibly can so they can investigate. Contact your bank to inform them of the breach so they can take steps to stop the payment. Determine how your company can make the employee whole, whether by cutting a paper check or initiating a new direct deposit.
Be on the lookout for future scams. Criminals are becoming savvy at new schemes. When you discover a new scam, share it with the rest of your team, so they know what to look out for.
Remember, the best tip is, “When in doubt, don’t!”
