Corporate Culture

I haven’t see any payroll fraud, but am experiencing a huge increase in the number of phishing emails asking me to change employee’s bank account information. Any one else experiencing this?

We are often dealing with employees at distance. We now require a PDF of their banking information from the financial institution clearly identifying the employee’s name on the account, along with a copy of the employee’s picture ID. HR follow up with verbal confirmation.

This is becoming way too common.

I’m also receiving many phishing emails asking me to change employee’s bank account information.

The increase in phishing emails “from” an employee asking to change banking is staggering! We’ve even seen one recently that had a bank direct deposit form attached–the account holder name had been altered to an employee’s name.

My practice is to confirm via a separate email (separate from the request) if the employee actually wants to make the change. If so, we require the actual direct deposit form from their financial institution prior to initializing a change; if not, no change is made. So far, every one has been either a phish or spoof email.

Interestingly, both payroll fraud stories I have were by middle managers.
In one case the manager had “rehired” a former employee on a casual basis with an established EEId and SIN. The bank deposit form was filled out manually rather than including a cheque – the bank account ended up corresponding to the managers account on file for expense reimbursement (they used a different account for payroll deposit). Deposits had occurred for a couple of months before anyone caught on. Manager was dismissed, and verification reports started to go to 2nd level mgrs bi-weekly.
The second situation was where the manager, on compassionate grounds, continued to approve salary for an employee on sick leave. Employee apparently had no idea how much sick time they were entitled to and didn’t realize there was an issue. Manager was given escalated warning, employee’s sick bank was exhausted to payback a partial of what was owed, employee was not required to pay it all back.

Boot allowance has recently come up. Employees were providing receipts for boots, and then returning them. Another instance, the company providing the receipts, were providing ‘fake’ receipts.

Another example of fraud. Our public works department had an employee using large equipment for personal income during work time. They employee didn’t realize there was a GPS on the equipment, and was caught.

We provide tool allowances to our service techs and we had many of them submitting their receipts for reimbursement and then returning the tool without having brought them into the shop. We now make sure that we keep a list of the type tools being reimbursed and manager/shop foreman ensures that it is being used for at least a month before we complete the reimbursement.

I’ve also seen a huge increase in requests for a change of banking information. Our employees have access to their profile to update their banking themselves so encourage them to do so. If I have to make the change, I verbally contact them and ask security questions to confirm their identity and also confirm with their direct superior in person that this change is legit.

I have not experienced this but we have multiple checks and balances in place to prevent any payroll mistakes (intentional or accidental) from occurring.

I have experience with phishing emails on bank accounts. I always call the person to confirm. We are using BambooHR. I also told employees that if they change their banking information, they must do it through BambooHR.