Cybercriminals will never, ever run out of clever ploys and ingenious schemes to earn a quick buck from every victim that they can manage to reel in. And these dime-a-dozen scammers are not only targeting individuals, they are also going after businesses and institutions.
In fact, cybercrimes against businesses have been increasing at a steady pace. According to a recent FBI report, exposed losses due to business scams have exceeded $12.5 billion in 2018! Targeting businesses is clearly a lucrative line of work for fraudsters.
Now, it looks like crooks have developed a simple but effective way to siphon money out of companies that use direct deposit to pay their employees. Read on and I’ll break down the details of this emerging scam and give you tips on how to protect your organization against it.
Payroll direct deposit scams are on the rise
Similar to the recent surge of tax scams and gift card scams, fraudsters are now targeting the HR departments of various companies in hopes of persuading employees to change the direct deposit bank information to one that is under their control.
In one such case, KVC Health Systems, a nonprofit child welfare agency based in Kansas City, receives these types of phishing emails around two or three times a month, CNBC reports.
Similar to Business Email Compromise (BEC) scams, the fraudulent emails are made to appear as if they were sent by the company’s executives to HR employees. Their request? Change the bank account and routing information that the company uses to direct-deposit paychecks.
If successful, the scammer can then siphon all the funds, leaving the company with thousand-dollar losses while its employees face delayed paychecks.
How this scam works
Despite its potential for big losses, the payroll scam is not a particularly sophisticated attack. Unlike traditional Business Email Compromise scams, the fraudsters don’t even bother hacking into your boss’s email account. According to email security firm Vade Secure, they simply create fake email accounts with free services (like Gmail or Yahoo, for example) under an executive’s name.
With this method, they’re hoping that the targeted employee is careless enough not to notice the full email address, or is reading messages on a phone where only the sender’s display name shows in the “From” field.
The messages are short and casual with a slight sense of urgency, asking the employee to change the banking information quickly.
Unlike other email scams, these emails are also surprisingly well-written, with few typos or grammatical mistakes. Often, they discourage the victim from calling back by claiming that the boss “is in a meeting” or has “limited phone coverage.”
Here are some examples:
“Are you available? There is something I need you to do. I am going into a meeting now with limited phone calls, so just reply my email.”
“I need to update my pay check direct deposit information. Please can we handle it now? Thanks”
Why are payroll scams spreading?
Although simple and unsophisticated, these types of wire fraud scams are spreading because they’re easy to create and deploy, usually with automated methods.
As I mentioned earlier, it doesn’t require the successful compromise of an executive’s email account; all it takes is the creation of a new account under their name.
Next, since the fake emails are brief and casual, they don’t usually trigger email spam and phishing filters. Additionally, the scam doesn’t raise the usual red flags since it’s not requesting a significant wire transfer — it’s just asking for a bank account number change.
It’s similar to the shotgun approach of mass robocalls and spam emails: since this scam is cheap to reproduce, the crooks can hit more companies for smaller amounts. The payoffs might be smaller, but they can stay under the radar for much longer.
How to protect your organization from the payroll scam:
So how do we protect ourselves from this growing cyberscam? Here are a few tips:
Be vigilant with email communication – Check email addresses carefully, especially those coming from executives demanding financial transactions. A missing character on the address could spell the difference between safety and compromise. And as much as possible, don’t use personal emails for company messages.
Tweak your company’s email filters – Inform your IT department and have them add the wording used in this attack (direct deposit and bank account changes) to your email spam filter keywords.
Watch out for social engineering scams – Curate your social media feeds and avoid posting vital corporate workflow details that could reveal your organization’s executive and human resources employees.
Use two-factor authentication – Consider requiring two-factor authentication for fund transfers and corporate email accounts. Use known phone numbers for verification and avoid displaying these phone numbers in email correspondence.
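As an added example (not code from the original article), here is a small Python check that combines two of the points above: the display-name trick described under “How this scam works” and the filter-keyword tip. It flags a message only when an executive’s name arrives from an outside or free-mail domain and the text asks to change direct-deposit details. The corporate domain, executive roster and sample messages are constructed for illustration.

```python
"""Flag display-name impersonation of executives in payroll-change requests.

Added example, not code from the original article. The corporate domain,
executive roster and sample messages below are constructed for illustration.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"      # constructed: the company's own mail domain
EXECUTIVES = ["Jane Doe", "John Smith"]    # constructed: names a scammer is likely to borrow

# Phrases that mark a request to alter where pay is deposited.
PAYROLL_KEYWORDS = ("direct deposit", "routing number", "account number",
                    "bank information", "update my pay")


def _normalize_name(name: str) -> str:
    """Lower-case, drop punctuation and sort tokens so 'Doe, Jane' == 'jane doe'."""
    return " ".join(sorted(re.findall(r"[a-z]+", name.lower())))


_NORMALIZED_EXECS = {_normalize_name(n) for n in EXECUTIVES}


def _body_text(msg: Message) -> str:
    """Collect the text/plain content of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8",
                                         errors="replace"))
    return "\n".join(chunks)


def analyze(raw_message: str) -> dict:
    """Return a verdict plus the individual signals that produced it."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    text = (msg.get("Subject", "") + "\n" + _body_text(msg)).lower()

    name_matches_exec = _normalize_name(display_name) in _NORMALIZED_EXECS
    external_sender = domain != CORPORATE_DOMAIN
    keywords = [kw for kw in PAYROLL_KEYWORDS if kw in text]

    reasons = []
    if name_matches_exec and external_sender:
        reasons.append(f"executive name '{display_name}' used from external domain '{domain}'")
    if keywords:
        reasons.append("payroll-change wording: " + ", ".join(keywords))

    # Only the combination is treated as a likely scam: an executive's name on an
    # outside mailbox *and* a request touching direct-deposit details.
    return {
        "suspicious": name_matches_exec and external_sender and bool(keywords),
        "reasons": reasons,
        "from_address": address,
    }


# Constructed sample messages (not real correspondence).
PHISHING_SAMPLE = """\
From: Jane Doe <jane.doe.ceo@gmail.com>
To: payroll@example-corp.com
Subject: Quick request

Are you available? I need to update my direct deposit information before the
next pay run. I am going into a meeting with limited phone calls, so just reply my email.
"""

LEGIT_SAMPLE = """\
From: Jane Doe <jane.doe@example-corp.com>
To: payroll@example-corp.com
Subject: Board deck

Please send me the Q3 board deck when it is ready.
"""

EXEC_NAME_NO_PAYROLL = """\
From: John Smith <john.smith.personal@yahoo.com>
To: hr@example-corp.com
Subject: Agenda

Can you forward today's agenda?
"""

if __name__ == "__main__":
    for label, sample in [("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE),
                          ("exec name, no payroll ask", EXEC_NAME_NO_PAYROLL)]:
        print(label, analyze(sample))
```

The third sample shows the design choice: an executive’s name on a free-mail address is recorded as a reason but does not by itself trip the verdict, since executives do occasionally write from personal accounts; it is the payroll-change wording on top of that mismatch that warrants a phone call to a known number before anything is changed.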
If you are a victim of this scam or any other BEC attack, the FBI recommends that you contact your financial institution immediately so they can track and coordinate where the funds were sent. Next, contact the FBI to report the crime and file a complaint with the Internet Crime Complaint Center (www.IC3.gov).