Be Cautious of Payroll Requests via Email
If you receive payroll requests via email, take more time to review before accepting and processing them.
We continue to see fraudsters attempting to take over customer email accounts to divert payroll funds to a different account or increase the dollar amount. Fraudsters gain control of your client's email and then use that email account to request fraudulent payrolls. Your client won't know this is happening until after money has been taken out of their account.
Always follow up by calling your customer to confirm the payroll request. It's best practice to use the business phone number you have on file and not a phone number from the potentially fraudulent email.
Steps you can take to protect yourself and your clients:
- Take a moment to verify the information with a phone call, fax, or text. (out-of-band authentication)
- Be cautious when responding to emails - you don't know who could be on the other side.
- Have strong internal controls in place and be sure all employees know and follow the policies.
Employers and payroll processors are losing tens of thousands of dollars by not taking the above steps. Don't let your client or yourself be the next victim. Please view the resources below or give us a call to discuss improving your procedures to better protect yourself and your clients.
- Tips to Prevent Fraud
- Take advantage of some of the FREE tools available at KnowBe4 and teach employees how to spot fraud.
- Learn more about Data Security from the Federal Trade Commission.
Contact the Kotapay Risk Department
phone: (800) 378-3328