Q: How does the new email phishing scam that targets employee payroll work?
—Concerned Business Owner
A: Dear Concerned Business Owner:
Known as “business email compromise” or “business email spoofing” (BEC/BES), these scams target businesses of all industry types and sizes.
The emails typically impersonate a high-level company employee, like the CFO or CEO, and the messages are sent to payroll or human resources (HR) staff. The scammer's email asks the payroll or HR staff to change the impersonated employee's direct deposit information for payroll. The scammer then provides a new bank account and routing number for the paycheck's direct deposit, but the account is actually controlled by the scammer.
Once the funds are routed to the criminal’s account, the company is on the hook for replacing the stolen funds, and the employee whose email was impersonated faces the inconvenience of a late paycheck. The scam is generally discovered fairly quickly, but not before the victim misses one or two direct deposits.
To protect your company from this scam and others like it, meet with a Family Business Lawyer™ for help implementing a comprehensive digital protection plan.
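One check a mail administrator could run on messages reaching payroll or HR is shown below as an added example, not part of the original column. The company domain, executive name, addresses, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: replace with your own domain and directory.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat rivera": "pat.rivera@example.com"}  # display name -> real address
PAYROLL_TERMS = re.compile(r"direct[\s-]*deposit|routing number|bank account", re.I)

# Constructed sample: executive's name on an outside address, replies diverted.
SPOOFED = """\
From: "Pat Rivera" <pat.rivera@example.net>
Reply-To: pat.rivera.office@example.org
To: payroll@example.com
Subject: Update my direct deposit

Please change my bank account and routing number before the next pay run.
"""

# Constructed sample: same request sent from the executive's real address.
INTERNAL = """\
From: "Pat Rivera" <pat.rivera@example.com>
To: payroll@example.com
Subject: Update my direct deposit

Please change my bank account and routing number before the next pay run.
"""

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def payroll_bec_flags(raw):
    """Return reasons a single-part, plain-text payroll request looks impersonated."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text = msg.get("Subject", "") + "\n" + str(msg.get_payload())
    if not PAYROLL_TERMS.search(text):
        return []  # not a direct deposit change request
    flags = []
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr.lower() != known:
        flags.append("executive display name with unexpected address")
    if _domain(addr) != COMPANY_DOMAIN:
        flags.append("payroll request from outside the company domain")
    if reply_to and _domain(reply_to) != _domain(addr):
        flags.append("Reply-To domain differs from From domain")
    return flags
```

An empty result is not approval: a request sent from a genuinely compromised mailbox passes these header checks, so any direct deposit change should still be confirmed with the employee through a channel other than email.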