How do you know if you are a victim of identity theft?
The Tuolumne County Sheriff’s Office has reported a scam targeting companies’ payroll and human resources departments to steal employees’ paychecks. It involves rerouting the direct deposit of pay.
“We have had two in our county within the last few months,” Sgt. Andrea Benson said Tuesday morning.
The emails generally impersonate an actual company employee and are sent to payroll or HR personnel, the Sheriff’s Office said in a news release Monday afternoon. The email requests a change in payroll direct deposit and provides a new bank account and routing number, which leads to a bogus account operated by the scammer.
The request might not seem out of the ordinary, the news release warns, because the scammer uses an actual employee, whether it be a new hire or a retiree. By the time the deception has been discovered, the employee may have a payroll deposit or two, leaving the company responsible for replacing the loss.
“The fake emails are usually well written, cordial and lack the misspellings, grammar mistakes and exclamation points that would trigger many popular email filters that search for spam or phishing attempts,” the news release says. “The scammers may even spoof the forms used by the company when making these requests.”
The spoofing doesn’t require hacking into any email accounts, as is often the case with bigger-ticket wire fraud, the Sheriff’s Office notes. The scammers generate the fake emails with free services like Gmail and they can simply open a new email account and fill in the employee’s name, which allows them to get around tools meant to detect hacking attempts on employee email.
Payroll and HR employees may not notice, either because they are working quickly and they don’t notice the full email address, or they are working on a mobile device where only the person’s name is displayed in the “from” field, according to the news release.
“We recommend making a phone call to the employee or meeting with them in person to verify the request before processing the change,” Benson said in the news release. “It is also best to avoid using your personal email when sending messages to staff.”
In December, the Internal Revenue Service warned tax professionals about direct-deposit payroll and W-2 Form scams, concerned that they could increase as the 2019 tax season approached.
If such a phishing email is received, the Sheriff’s Office advises:
- Forward non-tax-related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.
- Forward tax-related emails to firstname.lastname@example.org. IRS cybersecurity professionals monitor this account, and this reporting process also enables the IRS and its Security Summit partners to identify trends and issue warnings.
- If you are an employer impacted by the form W-2 scam, forward the email to email@example.com. There is a process employers that can follow at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.
- If you are an employer who received a form W-2 scam email but was not impacted (meaning you didn’t click or respond), forward the email to firstname.lastname@example.org.
Spokespeople for the Modesto Police, Oakdale Police, Turlock Police and Stanislaus County Sheriff’s departments said Tuesday that they’d heard no reports of the scam being attempted locally.