With more people working remotely, there has been a dramatic increase in email scams trying to get a payroll or accounts payable employee to wire transfer money to a person impersonating another employee. The impersonator often disguises him/herself as a CEO or someone from top management. Any email where there is a request to have money wired or to change the bank account for a direct deposit should be handled with extra care and diligence.
Often there are tell-tale signals that the email may be fake:
- Grammatical Errors
- A heightened sense of urgency
- Request for personal identifiable information
- Threats with consequences (especially true if it is claiming to be from your supervisor)
Do NOT hit reply. Instead, verify the authenticity of the request by independently contacting the requestor. That means creating your own email to contact the person. Even better, go the old- fashioned route and call them using the phone number on file, not the phone number that may be in the email as the imposter may have changed that. Consider even making a video call to confirm the identity of the employee or requestor just to be safe.
For any changes to direct deposit, it is best to require a new form with a voided check if possible. Even though the dollar amount of a direct deposit fraud may not seem significant enough to go through all the effort to create a fictitious scheme, hackers have created automated systems to generate fake emails in masse. All they need is a few to fall prey per day. In addition, your IT department should indicate if the email originated from an external sender. If someone’s email was compromised, your system would detect that it was received from outside the district’s email network and that should be an immediate red flag. So, if you see an email from your coworker and get the message below: STOP, report this to your IT staff, and DO NOT CLICK anything in the email.
While it would be best to have wire transfer requests and changes in direct deposit be done in-person, this may not be practical given the situation we are all in. A little extra time and effort to confirm the request can save a lot of time, money, and aggravation.