Home > Topics > Corporate Culture
Payroll Fraud can come in the form of many different schemes.
Has anyone encountered payroll fraud?
Can you describe the circumstances? (no need for company / employee names)
How was it handled, i.e. was the perpetrator fired / charged / convicted?
What changes / processes were made after the fraud was uncovered to stop it from happening again?
I haven’t see any payroll fraud, but am experiencing a huge increase in the number of phishing emails asking me to change employee’s bank account information. Any one else experiencing this?
Hi Katie, yes this is becoming more common. We just need to keep vigilant by checking the real sender of the message. When changing bank details from employees, I request either a hard copy in person or an encrypted pdf with the password send via text message on the work phone. Prior to making the change I call the employee for a verbal conformation.
We are often dealing with employees at distance. We now require a PDF of their banking information from the financial institution clearly identifying the employee’s name on the account, along with a copy of the employee’s picture ID. HR follow up with verbal confirmation.
This is becoming way too common.
I’m also receiving many phishing emails asking me to change employee’s bank account information.
The increase in phishing emails “from” an employee asking to change banking is staggering! We’ve even seen one recently that had a bank direct deposit form attached–the account holder name had been altered to an employee’s name.
My practice is to confirm via a separate email (separate from the request) if the employee actually wants to make the change. If so, we require the actual direct deposit form from their financial institution prior to initializing a change; if not, no change is made. So far, every one has been either a phish or spoof email.
I do the same. I receive average 1 phishing email a month. I ask the employee whose name was used for the banking change request on team message and i also send the snip shot of the email received to confirm if this was sent from them.
Interestingly, both payroll fraud stories I have were by middle managers.
In one case the manager had “rehired” a former employee on a casual basis with an established EEId and SIN. The bank deposit form was filled out manually rather than including a cheque – the bank account ended up corresponding to the managers account on file for expense reimbursement (they used a different account for payroll deposit). Deposits had occurred for a couple of months before anyone caught on. Manager was dismissed, and verification reports started to go to 2nd level mgrs bi-weekly.
The second situation was where the manager, on compassionate grounds, continued to approve salary for an employee on sick leave. Employee apparently had no idea how much sick time they were entitled to and didn’t realize there was an issue. Manager was given escalated warning, employee’s sick bank was exhausted to payback a partial of what was owed, employee was not required to pay it all back.
Boot allowance has recently come up. Employees were providing receipts for boots, and then returning them. Another instance, the company providing the receipts, were providing ‘fake’ receipts.
Another example of fraud. Our public works department had an employee using large equipment for personal income during work time. They employee didn’t realize there was a GPS on the equipment, and was caught.
We provide tool allowances to our service techs and we had many of them submitting their receipts for reimbursement and then returning the tool without having brought them into the shop. We now make sure that we keep a list of the type tools being reimbursed and manager/shop foreman ensures that it is being used for at least a month before we complete the reimbursement.
I’ve also seen a huge increase in requests for a change of banking information. Our employees have access to their profile to update their banking themselves so encourage them to do so. If I have to make the change, I verbally contact them and ask security questions to confirm their identity and also confirm with their direct superior in person that this change is legit.
I have not experienced this but we have multiple checks and balances in place to prevent any payroll mistakes (intentional or accidental) from occurring.
I have experience with phishing emails on bank accounts. I always call the person to confirm. We are using BambooHR. I also told employees that if they change their banking information, they must do it through BambooHR.
Related to Payroll Fraud subject, I am wondering if your company requests a copy of employee’s SIN card / document as part of onboarding? Or just accept SIN as provided by employee on their TD1 forms?
So many phishing emails pretending to be employees that want to change their banking info. We use Dayforce and have it locked down so that banking changes need to be approved by a Cliet Admin Role, in case an employee’s account gets compromised. We also ask for a EFT form or void cheque as backup.
The most we have in fraud are outside agencies attempting to change employees bank accounts.
They tell us they need to update their deposit info and what would we need to do that. We now make all changes go thru HR on a validated bank form. Changes also must come from our inhouse address not a personal email address.
We did get caught once and by the time we new and pulled the deposit back they had already closed the account. we lost…
E.g. suggest additional content or a new source, ask a question, etc.
E.g. grammar error or typo, broken link, incorrect data, etc.
Only fill in if you are not human
Gain full access to The 17th Floor.Still wondering why join?