With more people working remotely, there has been a dramatic increase in email scams trying to get a payroll or accounts payable employee to wire transfer money to a person impersonating another employee. The impersonator often disguises him/herself as a CEO or someone from top management. Any email where there is a request to have money wired or to change the bank account for a direct deposit should be handled with extra care and diligence.

Often there are tell-tale signals that the email may be fake:

  • Misspellings
  • Grammatical Errors
  • A heightened sense of urgency
  • Request for personal identifiable information
  • Threats with consequences (especially true if it is claiming to be from your supervisor)

Do NOT hit reply. Instead, verify the authenticity of the request by independently contacting the requestor. That means creating your own email to contact the person. Even better, go the old- fashioned route and call them using the phone number on file, not the phone number that may be in the email as the imposter may have changed that. Consider even making a video call to confirm the identity of the employee or requestor just to be safe.

For any changes to direct deposit, it is best to require a new form with a voided check if possible. Even though the dollar amount of a direct deposit fraud may not seem significant enough to go through all the effort to create a fictitious scheme, hackers have created automated systems to generate fake emails in masse. All they need is a few to fall prey per day. In addition, your IT department should indicate if the email originated from an external sender. If someone’s email was compromised, your system would detect that it was received from outside the district’s email network and that should be an immediate red flag. So, if you see an email from your coworker and get the message below: STOP, report this to your IT staff, and DO NOT CLICK anything in the email.

While it would be best to have wire transfer requests and changes in direct deposit be done in-person, this may not be practical given the situation we are all in. A little extra time and effort to confirm the request can save a lot of time, money, and aggravation.

This article was also featured in our newsletter Lesson Plan Vol. 23

Erin Gruppe

Erin Gruppe

Staff Accountant

Erin is a member of Cerini & Associates; audit staff where she works with our nonprofit and school district clients. Erin has experience in internal claims auditing and external auditing, including financial statement audits. Erins’ knowledge and experience allow her to provide specific services including systems testing and analysis, internal and external audit functions, and claims audit functions.

Font Resize