Payroll Diversion Fraud
Payroll Diversion Fraud, commonly referred to as Direct Deposit Fraud, is a malicious scheme where cyber adversaries attempt to redirect an employee's pay cheque to an unauthorized bank account, typically under their control.
How does payroll diversion fraud occur?
Cyber adversaries target end users (employees) to obtain their login credentials through a number of channels, including phishing emails, phishing websites, social engineering, unsecured networks, or credentials already compromised on other sites and reused. Once they succeed in tricking the employee into giving up their credentials, they log in to the employee's Powerpay account and update the direct deposit information to redirect the employee's paycheque to their own bank account.
What can be done to reduce exposure?
To reduce potential exposure, we recommend taking the following security measures within your organization:
- Set up Multifactor Authentication (MFA)
  - MFA is free of charge and provides an extra security layer for user logins that helps protect against credential theft and fraudulent behaviour.
  - Ensure users verify their identity by first entering their username and password and then entering a time-based, one-time code that they receive by text message or voice call.
  - Contact your Customer Support Team to enable this functionality for your payroll.
  - More information on MFA can be found here.
- Employ Best Practices for Password Policy
  - Enforce strong passwords, including requirements for complexity, length, and expiration dates.
  - Engage in user education to ensure employees understand and apply the password policy.
  - Remind users that there is no legitimate reason for a person inside or outside your organization to request their password through email or SMS.
  - For more information on password policies, see Password restrictions and guidelines and Password ideas.
- Notification Emails
  - Verify that Powerpay emails are delivered to end users and not blocked by email security systems.
- Employee Education
  - Train employees regularly on the risks of phishing emails and the importance of not clicking on suspicious links or sharing credentials.
  - Instruct employees to bookmark the Powerpay Self Service site at first login to decrease the likelihood that they accidentally go to a lookalike site.
  - Warn employees to check the browser address bar when they access the site to ensure they are on the right domain.
  - Alert employees to pay attention to notifications.
- Secure Communication
  - Encourage employees to communicate any payroll changes in person or through a secure, official channel.
What to do if you suspect fraud
Follow these tips if you suspect fraud has been committed against your organization:
- Take Immediate Action: If employees suspect they've received a phishing email or their account has been compromised, they should immediately report it.
- Change Passwords Immediately: Change passwords for all accounts promptly, especially the payroll system. Do not share the passwords with anyone or any app.
- Contact the Bank: Notify the bank immediately about the suspected fraudulent transaction. The bank might be able to stop the transaction if it hasn't been processed yet.
- Modify Approval Processes: If possible, multiple parties, including the payroll administrator, should verify and approve any request to change direct deposit information. A multi-step approval process can prevent unauthorized changes.
- Stop the Payroll Transaction: Contact the bank immediately to stop the transaction if payroll has already been processed.
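The multi-party approval control described above, as an added example that is not Powerpay's own code: a direct deposit change is held as a pending request, the employee is notified, and the new account only becomes the one payroll reads after a payroll administrator other than the requester approves it. The store, the admin roster and the function names are assumptions made for illustration.

```python
"""Two-party approval for direct deposit changes (added example, not Powerpay code).
The in-memory Store, PAYROLL_ADMINS roster and function names are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PAYROLL_ADMINS = {"admin.alice", "admin.bob"}  # constructed sample roster


@dataclass
class ChangeRequest:
    request_id: int
    employee_id: str
    requested_by: str
    new_account: str
    status: str = "pending"        # pending | approved
    approved_by: Optional[str] = None


@dataclass
class Store:
    approved_accounts: Dict[str, str] = field(default_factory=dict)
    requests: List[ChangeRequest] = field(default_factory=list)
    notifications: List[str] = field(default_factory=list)


def request_change(store, employee_id, requested_by, new_account):
    """Record the change as pending; the live bank account is not touched yet."""
    req = ChangeRequest(len(store.requests) + 1, employee_id, requested_by, new_account)
    store.requests.append(req)
    # Always notify the employee's address of record so an unexpected change is visible.
    store.notifications.append(f"{employee_id}: direct deposit change requested")
    return req.request_id


def approve_change(store, request_id, approver):
    """Apply the change only if a payroll admin other than the requester approves."""
    req = store.requests[request_id - 1]
    if req.status != "pending":
        return False
    if approver not in PAYROLL_ADMINS or approver == req.requested_by:
        # Self-approval or approval by a non-admin is refused; request stays pending.
        store.notifications.append(f"{req.employee_id}: approval by {approver} refused")
        return False
    req.status, req.approved_by = "approved", approver
    store.approved_accounts[req.employee_id] = req.new_account
    store.notifications.append(f"{req.employee_id}: change approved by {approver}")
    return True


def effective_account(store, employee_id, account_on_file):
    """Payroll reads only the approved account, never a pending request."""
    return store.approved_accounts.get(employee_id, account_on_file)
```

A compromised employee login can therefore submit a request but cannot make it take effect, and the notification gives the employee a chance to report a change they did not make.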