There are many common types of payroll fraud that employees commit, but we aren’t going to talk about those. Instead, we’ll talk about payroll diversion attacks or payroll diversion scams. There aren’t many things worse than having your business email compromised because of social engineering or phishing attacks because of security gaps, so let’s jump right in!  

Do you know how to avoid a payroll diversion attack? Young woman handing over a payroll check.

What Are Payroll Diversion Attacks, and Why Should I Care?

Payroll diversion attacks are designed to steal employees’ personal information or financial data, such as bank account numbers and social security numbers. They often take advantage of legitimate software vulnerabilities found within companies’ systems. If you haven’t heard of it, these attacks are becoming more common.

Payroll diversion attacks have become a growing issue across ALL industries. Employers face increasing risks from small businesses to large corporations due to the rise of innovative technologies. This means they must stay vigilant and ensure their cybersecurity measures are strong enough to prevent these threat actors from gaining access to sensitive information. 

Female medieval knight with spear poses in armor, great tournament. Armored ancient warriors in armour posing in the field

Why Should You Care About Payroll Diversion Attacks?

This type of crime is hazardous for small business owners who don’t have the resources needed to protect themselves from cybercriminals. Payroll Diversion Attacks are used to steal money from organizations using phishing emails and social engineering techniques. These attacks effectively steal employees’ personal information, which is then sold online.

The most common attack method is spear-phishing emails containing malicious links or attachments. Once the link is clicked, the malware infects the user’s computer. Once infected, the malware collects all the necessary information, including usernames, passwords, credit card details, banking info, etc.

If you see one of these common email subject lines: “Your paycheck has been diverted”, “You have been selected for an audit,” or “We need to verify your identity”, it is a payroll diversion attack. These emails may come from someone claiming to be with the IRS, the Department of Labor (DOL), other government agencies, or from inside your company. The scammers will use this information to access your company’s system and steal your employees’ personal information.

Hacker in mask under hood hacking and phishing victims from online shopping and finance activities

How Do Hackers Gain Access to Payroll Information?

There are a few ways hackers can gain access to payroll data. The most common attack method is spear-phishing emails containing malicious links or attachments. These phishing emails look like official communications from your company or a site you visit. They usually include website links that ask users to enter their login credentials. Once the user enters those details, the attacker gains access to the entire network. Business email compromise is a growing threat to businesses, not just the result of phishing attacks.

A second method is for the attacker to send out fake invoices to employees to trick them into providing their login credentials. Once the employee provides their username and password, the attacker has full control over the victim’s computer.

Another way hackers can obtain payroll data is by hacking into the company’s computer servers. The attacker installs malware onto the server, which allows them to view sensitive files. They can then copy the data and transfer it to a remote location.

See also  Everything You've Ever Wanted to Know About Spam Emails and 5 Ways You Can Stop Them In Their Tracks

Once the hacker has access to the data, they can alter paychecks, redirect direct deposits and payroll funds, and open fraudulent accounts. For example, they could change the amount paid to an employee every week. Or they could create fake invoices and submit them to the IRS, claiming that the company owes taxes.

These hackers are so good that they’ll study your business’ legitimate payroll processes to avoid raising any red flags. The hacker making these attacks could continue until the company realizes what’s happening and acts. Suppose the company doesn’t take immediate steps to secure its systems. In that case, hackers will have complete control of your business’ funds and be able to get away with payroll diversion fraud for an infinite amount of time.

Email notification concept, woman working with a computer laptop, one new inbox e mail message on the screen, business office desk background

What Happens When a Hacker Gets Access to Payroll Portals and Data?

Payroll diversion fraud aims to move money from one place to another without getting caught. But hackers can use this information to commit identity theft, fraud, tax evasion, and other crimes when they gain access to payroll data. And guess who is footing the bill for all of this? You’d be correct if you guessed the business owner is on the hook for the cash.

Most payroll diversion scams start innocently enough by the employee receiving a fake email from a spoofed domain that looks like an address they’ve visited in the past or from accounting asking for an updated email address or if you have access to certain email accounts. Then they may ask for a copy of your direct deposit slip, leading to deposit change requests and fraudulent wire transfers. 

In addition to the threat of identity theft, there’s another major concern associated with payroll theft. Hackers can use stolen information to file false claims for unemployment benefits. This hurts the victim and puts them at risk of losing their job. 

handsome security guard standing and listening message with security earpiece

What Can I Do to Protect Myself from Payroll Diversion Scams?

The good news is that there are ways to protect your business from becoming a victim of a payroll diversion attack. Here are some tips:

1. Be vigilant when receiving emails. If you receive suspicious emails, don’t open any attachments. Instead, please forward them to your IT security team.

2. Install firewalls and antivirus software. Both types of software can detect malicious code and stop it from spreading. And keep your security software up to date. Ensure you’re running the latest version of Microsoft Windows, your payroll software, and all other programs.

3. Use two-factor authentication whenever possible.

4. Use multi-factor authentication if possible because it’s even more secure than two-factor authentication. 

5. Protect sensitive information. Companies should encrypt documents containing personal information such as Social Security numbers, credit card details, bank account numbers, etc. This will prevent anyone who gains physical possession of these documents from reading them.

6. Always pay attention to any unusual activity on your accounts.

7. Monitor your bank statements regularly and look for fraudulent payroll charges that may appear. 

8. Report suspected incidents promptly. Contact your local law enforcement agency if you think you’ve been targeted. Also, contact the FBI if you believe your identity may have been stolen.

9. Never click on links or download attachments from unknown sources. This includes emails from friends, family members, and co-workers.

See also  The 30 Best Cybersecurity Training Tips To Keep You Safe

10. Be careful what you share online. When posting photos or videos, consider whether others could view them. Also, never post sensitive information such as Social Security numbers, credit card numbers, bank account numbers, or passwords.

11. Train employees in cybersecurity best practices. Employees should know where to find important documents and how to protect themselves against phishing scams. They should also be aware of common signs of a potential hack, including unexpected emails or phone calls asking for confidential information.

 

Wrapping Up

Payroll diversion attacks are still ramping up, and we could see many more incidences before year’s end. So, ensure you take precautions to avoid being a victim of payroll phishing email schemes. If you follow the tips we laid out and kept track of your business’s financial transactions, and if something were to pop up, you’d be able to squash it quickly. If you have any questions or need help with anything else, feel free to send us a message or leave a comment below.