What is Payroll Diversion & How Does it Happen?

Payroll diversion is a form of payroll fraud in which cyber criminals send phishing emails to, or call, HR and payroll representatives to request a change to an employee’s bank account information. The requests ask for a change of banking details and appear to use the employee’s correct sender name and email signature. The fraudsters have gathered enough information about the real employee to successfully impersonate them. Once the change is made, the employee’s payroll is diverted to a fraudulent account.

These criminals do their homework: they research companies to attack, find out their payroll schedules, and identify employee targets. Much of this happens through social engineering, phishing, and cyber stalking. They then either steal an employee's login credentials for the company's payroll system or make their request directly to the company's payroll team.

How Can You Stop These Fraud Attempts?

  1. Adhere to your processes: If one is not already in place, create a step-by-step process for all payroll direct deposit changes and ensure all employees who handle payroll requests are trained on your procedures.
  2. Verify all change requests: Do not accept simple email, phone call, or text requests. Require additional verification and approvals prior to proceeding with any change requests. We suggest using multi-factor authentication (MFA) to confirm an employee's identity before making any changes.
  3. Educate your employees: Instruct your employees to periodically monitor their accounts for irregularities and make them aware of the risks and red flags associated with phishing and social engineering. Remind them not to share personal information such as Social Security Numbers, Employee ID Nos., PINs, login credentials, or bank account information via email or over the phone, and to use extreme caution when clicking on any links or downloading any email attachments.
  4. Alert us immediately: If you suspect you may have fallen victim to this or any other fraud, notify us as soon as possible so we can help you take steps to protect your accounts from any unauthorized activity. Delays can be costly, so never hesitate to contact us, even if you are not sure. It's always better to be safe than sorry. Call your Banker or our E-Services team at 217-438-4101 or toll-free at 855-822-5880 Monday-Friday 7:00am-6:00pm and Saturdays 8:00am-12:00pm.