Cookie settings

Cookies are small text files stored on your device to identify you and can be used to remember user preferences and analyse traffic to further improve our website. We may share information about your use of our site with our social media, advertising and analytics partners. By clicking "Accept all cookies", you agree to the use of all cookies as described in our cookie statement or "Accept only essential cookies" to only use cookies that are necessary for the functioning of our site.

Read our cookie statement here.

You can choose to adjust your preferences at any time.
Wholesale Banking

Payroll scam: Fraudsters are targeting your employee’s paycheck

To overview

In some recent cases, several companies’ Human Resource departments received an email from one of their employees asking to help change their account information. Had they known about the latest scam out there, they would have realised that it wasn’t an employee asking for help. It was a fraudster attempting to steal an employee’s salary.

What is a payroll scam?

Payroll scams are committed by fraudsters who craft deceptive email messages, pretending to be a company employee. By employing well-crafted and seemingly genuine communication, they manipulate HR into altering an employee's banking details to an account under the fraudster's control. When the real employee does not receive their salary on payday and contacts HR, it is already too late and has resulted in an irrecoverable financial loss.

Variants of Payroll scam:

  • Email hack: The fraudsters will hack into the private email account of your employee and send the request from the real email address, making it virtually impossible for HR to identify that it is a request from the fraudsters.
  • Lookalike domain: The fraudsters will create a very similar email domain to confuse the HR department. For instance, can you spot the difference between example@lng.com and example@ing.com where one is written with an L and an I? Or between business-banking@abc.com or businessbanking@abc.com where one is written with – between business and banking and the other one without?
  • Spoof call: Most phones today have the caller ID function. However,  it is possible for fraudsters to “spoof” the caller ID information. The fraudsters will call HR with a spoofed phone number of the employee after sending the fake request, making the recipient believe that they are already in contact with the real employee, thus a call-back procedure is unnecessary. That is exactly what the fraudster is aiming for. Always call back your employees on the pre-arranged number.

What precautions can you take?

  • Educate HR and those who might be the targets of these types of phishing scams. For example, learn how to recognise phishing
  • Pick up the phone and verify the email with the employee. Do not use the phone number mentioned in the email. Use the phone number already available in your systems or the one that is publicly available.
  • Require the employee to complete a written form in the office.
  • Implement an online employee self-service portal on a secure platform for employees to independently manage their account information. This eliminates the need for HR to directly handle sensitive updates on behalf of employees.

Taking precautionary measures today to fortify the verification protocols for payroll adjustments is paramount. By providing basic guidelines and relevant knowledge to employees, companies can shield themselves against potential financial losses in the future.