Payroll professionals spend a lot of time helping clients comply with tax regulations, manage employee records, and process payroll accurately. Increasingly, however, they are also helping clients defend against fraud.
One of the fastest-growing payroll-related scams is deceptively simple—and surprisingly effective.
How the Scam Works
The fraud often begins with a compromised personal email account.
A criminal gains access to an employee’s email and sends a message to the employer or HR contact requesting a direct deposit change. The request may appear completely legitimate. It often includes the employee’s name, personal details, and a convincing explanation such as:
- “I switched banks.”
- “My account was compromised.”
- “Please update my direct deposit before the next payroll.”
If the employer updates the banking information without verification, the next payroll is deposited into an account controlled by the fraudster. In many cases, criminals use prepaid debit cards or paycards that can be quickly emptied once the payroll funds arrive.
The fraud typically isn’t discovered until payday, when the employee reports that they never received their paycheck.
By then, the funds have usually been withdrawn and are extremely difficult—if not impossible—to recover.
Why This Fraud Is So Effective
Unlike sophisticated cyberattacks, this scam doesn’t rely on advanced technology. It exploits something much simpler: trust. The request looks routine, the employee’s name is familiar, and the timing often creates urgency. Because direct deposit changes are common, employers may process them without giving the request a second thought. Unfortunately, a single mistake can result in thousands of dollars in losses, employee hardship, and significant administrative headaches.
“Most payroll fraud isn’t the result of a technology failure—it’s a process failure,” says Liz Kulis, Payroll Specialist at ConnectPay. “Criminals know that HR and payroll teams are busy, and they’re counting on someone treating a bank account change as a routine request instead of a financial transaction that requires verification.”
The Most Important Prevention Policy
The best defense is also one of the simplest:
Never change banking information based solely on an email request.
“The good news is that this is one of the easiest fraud schemes to prevent,” notes Kulis. “A quick phone call to a number already on file can stop a fraudster in their tracks. That simple verification step is often the difference between a normal payroll and a costly loss.”
Before updating direct deposit information, employers should verify the request by:
- Calling the employee using a known phone number on file
- Speaking with the employee in person
- Using a secure employee self-service platform with established authentication controls
- Following documented approval procedures for all banking changes
The key principle is verification through an independent channel. If the request arrives by email, confirmation should happen somewhere other than email.
Don’t Forget Vendor Payment Changes
The same fraud tactic is commonly used against accounts payable departments.
A criminal impersonates a vendor and requests that future payments be sent to a new bank account. If the change is accepted without verification, vendor payments can be redirected just as easily as payroll funds.
Employers should apply the same controls to vendor banking changes:
- Verify requests using a known contact number
- Confirm changes with an established vendor contact
- Require documented approval before updating payment instructions
Whether the request involves payroll or accounts payable, the process should be identical: trust, but verify.
The Payroll Provider’s Opportunity
Independent payroll providers are often the first line of defense against payroll fraud. Clients may not be aware of the risks associated with direct deposit change requests, especially smaller organizations without dedicated HR or IT teams. By educating clients and encouraging simple verification procedures, payroll providers can help prevent losses before they occur. A two-minute phone call may feel inconvenient, but recovering a stolen payroll is far more difficult.
Key Takeaway
Fraudsters don’t always break through security systems—they often look for gaps in everyday business processes. A simple policy requiring direct verification of all bank account changes can stop one of the most common payroll fraud schemes before it succeeds. When it comes to payroll and payment instructions, no email should ever be trusted without verification.