Protect Yourself and Your Clients From Email Fraud
We continue to see fraudsters taking over email accounts in order to divert payroll funds to a different account or increase the dollar amount. It's important to remain diligent to protect your clients and your business.
Confirm the information by calling, faxing, or texting your client. (out-of-band authentication)
Review emails thoroughly and be careful when responding. You don’t know who could be on the other side.
Enforce strong internal controls
Be sure all employees know and follow the policies.
What is Business Email Compromise (BEC)?
Business Email Compromise is one of the most financially damaging online crimes. It causes billions in losses every year and has increased as businesses conduct more and more of their business virtually.
BEC exploits the fact that so many of us rely on email to conduct business. In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request, i.e. your payroll client. They then trick someone into exposing confidential information.
How does payroll fraud via email happen?
The most common form of ACH fraud is the use of malware and phishing emails to trick individuals into giving over their banking information. The malware keeps track of keystrokes and can access passwords and forms that have been saved on practically any device. A routing number and checking account number are the only two vital pieces of information fraudsters require to access a person's bank account.
Once scammers gain control of your client’s email accounts and information, they use that email account to send fraudulent payroll change requests to you (i.e., bank account information). Without verifying these changes, your client won’t know this is happening until money has already been taken out of their account.
Plan Your Procedure
Check out the resources below or give us a call to learn how you can improve your procedures to better protect yourself and your clients.