Prevent Payroll Diversion within your business

Payroll Diversion is one of the latest tactics used by cybercriminals to illegally obtain funds. Who are the victims of these attacks? Your employees.

Hands typing on a laptop with graphical icons overlaid

Direct deposit has become the standard for how your employees receive their paychecks. It saves paper, time, and money, so why wouldn’t you do it? Unfortunately, with cybercriminals constantly looking for weak links and areas to exploit, fraudsters have now started targeting company payroll sites in order to steal employee paychecks.

How it starts:

In order to gain access to your employees’ income, cybercriminals will usually use the following tactics:

  1. Create a phishing email that utilizes the payroll website’s logo, or even your company’s own logo, that prompts the employee to enter their payroll log-in info.
  2. Once the information is entered and sent, the scammer will then log into the employee’s payroll account and edit the account number where direct deposits are received. The scammer will change it to their own private account, which is typically a prepaid card.
  3. After the account location is changed, the scammer will usually turn off notifications, or edit where updates are sent, so the employee isn't aware of when or where paycheck deposits are being made.
  4. Each time a paycheck or payment is made, the scammer will receive the funds in their own account.

Payroll Diversion can cost companies and employees large sums of money. To prevent Payroll Diversion within your workplace, educate your employees on this scam and use these techniques to increase your payroll security.

Tips to prevent:
    1. Treat emails with suspicion and hover on hyperlinks. The unfortunate reality of this scam, is it can target employees inside and outside of the workplace. Scammers may send the email to an employee's personal inbox, meaning any flags or security measures you implement on company inboxes will not protect any of your employees’ external addresses. Caution your staff to pay close attention to any emails received from alleged payroll companies asking for personal or login information. If they receive an email linking them to a "login portal" or "informational form" train them to hover over the hyperlinks to check if it's directing them to a legitimate website.
    2. Set security standards. Establish a set of security guidelines within your workplace that clarifies what communications your employees will receive from the company and what they can expect from the payroll process. This might include:
      • ABC Company will never email you requests for personal information.
      • ABC Company will require login credentials, which differ from the payroll portal login, for company surveys, RSVP portals, and any other miscellaneous purposes.
      • Notifications on direct deposit must be requested by the employee at No notifications or updates will be sent to employees unprompted.
      • If an employee receives an unprompted email with a different address or irregular design that they suspect is a phishing email, the email should be forwarded to

Stay skeptical behind the scenes.

  1. You, as a business, should take preventions against payroll diversion. This may include:
    • Closely monitoring when employees update their direct deposit information and create multiple levels of verification.
    • Keep an eye on employee logins that occur outside of your business hours.
    • Instruct employees to forward phishing emails to a specific inbox so you can monitor and advise your employees on what emails are legit and what is fake.

Educating your employees on Payroll Diversion is one of the best ways to secure your business against this scam. But as cyberthreats evolve, it is important that you maintain your businesses security standards.

Check out our Security Center to learn more helpful tips!

The information provided in these articles is intended for informational purposes only. It is not to be construed as the opinion of Central Bancompany, Inc., and/or its subsidiaries and does not imply endorsement or support of any of the mentioned information, products, services, or providers. All information presented is without any representation, guaranty, or warranty regarding the accuracy, relevance, or completeness of the information.