Direct Deposit Fraud – Email Scams Could Steal Company Funds

Are you aware the HR and finance departments of many organizations have a huge target on them? Fraudsters sending email correspondence to HR personnel of businesses, posing as other employees in the company with an unrelenting force.

Emails will look legitimate at first, as though they are coming from executives or payroll directors, and for smaller organizations, it’s possible that they might use your coworkers’ real names.

How the scam works:

The main objective of the scammer is to convince HR personnel to change bank account information the targeted employee uses for their direct deposit. By this trickery, your employees’ paychecks will be deposited into the scammer’s bank account, meaning a late check for your employee and loss of funds for the company.

Without careful examination of suspicious emails, we all could fall under the consequences of the scam.

What to look out for:

  • Wrong email addresses
  • Misspelled email addresses that look legitimate but are a few characters off
  • Misspelled names
  • Odd requests
  • Immediate requests (i.e. I need DD change tomorrow)



Subject: Change of Bank Details

From: John Smith <>

Sent: Mon 6/10/2019 9:55AM

To: Jane Doe



Hi Jane,

I would like to update my DD information with my new account details. Can the change be effective for the next pay date?


John Smith


Problems with this email:

The from and to names are names of employees that work at the same company – Payroll Systems. However, the email address does not denote the correct domain name. Instead it reads, “axixx,” which is unknown and unfamiliar.

Some advice if you happen to receive a suspicious email like the ones shown above:

  • Do not engage – best to not respond to the email if you feel that it may be a scam.
  • Get in contact with the alleged sender by other form of communication to notify them and confirm that it isn’t them.
  • Send suspicious email addresses to your IT or systems admin team to black-list them from any future attempts.

Leave a Reply

Your email address will not be published. Required fields are marked *