As the year draws to a close, some businesses may experience a surge in fraudulent activity as scammers attempt to exploit processes using spoofed or hacked email addresses to impersonate employees and companies. Here are some common indicators of email fraud and ways to help protect your business and your employees.
Common indicators of email fraud
Unusual direct deposit requests
Be cautious if you receive an email request to change an employee's direct deposit information (especially regarding pay cards or unfamiliar banks). If you do receive such a request:
- Verbally verify the request. Ask for confirmation directly from the employee about the change that is being requested. Actions like a quick phone call with the employee can help you identify if the request you received is legitimate.
- Avoid replying directly to the email. As a best practice, wait until you receive confirmation through a secure method before replying to the request.
Requests for new 1099 contractors and large payments
Be wary of new contractors requesting immediate payments, particularly if the amounts are large or larger than normal. Take the following precautions to help prevent fraudulent activity:
- Review your records. Check your records for current or past contractors to help determine if this request seems legitimate or unusual.
- Verify accuracy. Confirm with the appropriate manager at your company that the contractor in the request was actually hired and requires immediate payment.
Fraudulent email addresses
Fraudulent emails can often appear authentic at first glance. To help identify potential spoofing:
- Confirm the email address. Review the email address from the request to ensure that it matches what you have used in the past for that employee.
- Be on the lookout for discrepancies. Carefully check the email address for extra characters or slight misspellings that may indicate fraud.
- Be alert for red flags. Review emails for pushy language, requests to act with urgency, requests to bypass normal controls, and an overall tone that feels off from the sender’s usual communication style.
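The address checks above can be partly automated. The following is an added example, not part of the original article: it compares a sender address with the addresses already on file and flags near-misses such as an extra character or a swapped letter. The sample addresses, the function names and the distance threshold of 2 are assumptions made for illustration.

```python
import unicodedata

# Constructed sample data: addresses previously used for each employee.
KNOWN_ADDRESSES = ["jane.doe@example.com", "sam.lee@example.com"]

def normalize(addr):
    """Fold case and Unicode compatibility forms so equivalent spellings compare equal."""
    return unicodedata.normalize("NFKC", addr).strip().lower()

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(sender, known=KNOWN_ADDRESSES, max_distance=2):
    """Return (verdict, closest_known_address).

    'match'     - identical to an address on file (the account may still be
                  hacked, so unusual requests are verified verbally anyway)
    'lookalike' - within max_distance edits of an address on file
    'unknown'   - not close to anything on file
    """
    s = normalize(sender)
    on_file = {normalize(k): k for k in sorted(known)}
    if s in on_file:
        return "match", on_file[s]
    closest = min(on_file, key=lambda k: edit_distance(s, k))
    if edit_distance(s, closest) <= max_distance:
        return "lookalike", on_file[closest]
    return "unknown", None

if __name__ == "__main__":
    # Constructed test senders: exact, digit swap, extra character,
    # Cyrillic "a" homoglyph, unrelated domain.
    for sender in ["Jane.Doe@Example.com", "jane.doe@examp1e.com",
                   "jane.doee@example.com", "j\u0430ne.doe@example.com",
                   "jane.doe@example-payroll.net"]:
        print(sender.encode("unicode_escape").decode(), check_sender(sender))
```

A "lookalike" or "unknown" result is a reason to verify the request verbally before acting on it.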
Verbal verification is a top defense against fraud
Verbal verification can be a highly effective strategy for helping protect your business from payroll fraud. If you receive an unusual request or something feels off during an email interaction, do not hesitate to contact or call your employees directly to confirm the legitimacy of the request.
Good email practices
Email accounts are often targeted by fraudsters due to the sensitive information they contain. Unauthorized access can lead to identity theft, financial fraud and data breaches. It’s important to protect your email account from being hacked.
Here are some good email practices:
- Use strong passwords. Aim for complex passphrases that are at least 12 characters long, avoid using easily guessable information, and change your passwords regularly, especially if you have been hacked.
- Enable two-factor authentication (2FA) where possible. This adds an extra layer of security by requiring a second form of verification, such as a text message or authentication app, in addition to your password.
- Be wary of phishing attempts. Always verify the sender's email address and be cautious of unsolicited emails asking for personal information or containing suspicious links. Do not click on links or download attachments from unknown sources.
- Regularly update software. Ensure that your operating system, anti-virus software, and email applications are up to date to protect against vulnerabilities.
- Monitor account activity. Regularly check your sent folder and account settings for any unauthorized changes or unfamiliar activity. If you notice anything suspicious, change your password immediately.
Conclusion
By staying informed and proactive, you can help protect your organization from the rising threat of fraud during this end-of-year period as well as throughout the year.