It used to be that whenever payroll fraud was mentioned, thoughts would turn to ghost employees or tampering with casual worker’s master files.
But recently it seems that fraudsters have moved their attention to other ways of infiltrating payroll departments in order to receive money that they are not entitled to
This scenario happened to Australian Payroll Association recently, and we have had two members advise us of the same scam happening to them in the last week.
How it works is the perpetrator has a copy of the email signature of a manager with financial authority or an employee. They send an email that looks exactly like it has genuinely come from that person to the pay office. They typically request making a bank account change for an employee or ask to have an immediate funds transfer made to a certain bank account.
The scenario at Australian Payroll Association was an email purporting to be from me to our accounts manager requesting an urgent payment to a bank account.
Having almost fallen for this scam ourselves, (luckily the person that the email was sent to is highly sceptical), we realised first hand how easy it is for employers to treat emails as instructions without any questions being asked.
The best way to ensure you don’t fall for this type of fraudulent activity is to ensure your payroll processes are sound.
Ask yourself what governance and controls exist, for both the payroll process and in the management of your employee data? Do you have documented authorities, policies on data protection, review audit trails or perform any other anti-fraud process?
One simple fix could be employee bank detail changes have to be in person to the pay office, or with scanned ID if employees are spread over several locations. Or perhaps to have any employee personal detail changes to be completed exclusively using an employee self service portal.
And of course, we always recommend reporting the fraudulent activity to the police, as we did and our members did also.
The key is to be vigilant and think of all the ways a fraudster could infiltrate your payroll function, then close the gaps before it happens.
If you would like support to do this, please contact me at firstname.lastname@example.org