Don’t Fall Victim to Scams Targeting Payroll and Vendor Payments!
- Updated: August 23, 2023
- Published: September 30, 2022
- | 3 minute read
Recently one of our clients received ostensibly “new” banking information for a vendor payment in a suspicious email.
“Happy Monday!” the phony email read in an apparent attempt to disarm the client. “Effective immediately, [vendor] will be working with a new bank. All invoices starting with the next one and going forward will be payable to this new account.” The email contained an attachment with the “new” bank account number with the vendor’s logo so it looked legit.
In a second incident, a similar scam was attempted but they hacked into the vendor’s email so it was more difficult to detect. When the company called the vendor to verify the change in bank info, they left a voicemail. The problem was that since the vendor’s voicemail transcriptions were sent to the hacked email, it was the fraudsters who called the company back to confirm the phony bank information.
Still other companies we represent often receive payroll requests that look suspicious. “I can access the company payroll portal, but keep getting an error message,” stated one email. “Can I just forward you a voided check or my new account details for you to update before the next pay circle (sic)?”
The High Cost of Falling for Scams
The scams are costly. The Washington Post reported recently that “a dual citizen from Britain and Nigeria has been extradited to face charges of defrauding Virginia Commonwealth University of nearly $470,000 through an e-mail scam in 2018.”
How We Keep Our Clients Safe at Juna
Thanks to the diligence of the Juna team and the security measures we’ve implemented, none of our clients have fallen prey to these scams. We take the need to protect our clients’ finances very seriously. Here are some of the procedures that protect our clients.
EDUCATION: We educate our team about possible scams, stress the importance of keeping client banking information secure, and encourage them to be skeptical of requests to change payments.
SECURE EMAIL: Email security is the first line of defense for our team and our clients. Our internal procedures prohibit the Juna team from attaching documents to email messages. We send any documents through our secure portal, ShareFile. We advise our clients to do the same.
TWO FACTOR AUTHENTICATION (2FA): We require two factor authentication on our email accounts in addition to all of the applications we use. We also use a password manager to secure and protect passwords and there is 2FA on the password manager.
SECURE PORTALS: We leverage the portals provided by applications like Bill.com and Gusto. These portals allow vendors and employees to securely add and update their banking information directly and stay in control of their data.
LIVE CONFIRMATION: When we receive payment instructions, we contact the vendor to confirm it with them verbally. We call the number we have on file for the vendor or do a Google search and DO NOT rely on the number in the email. We don’t leave voicemails or send emails, both of which could be hacked.
When confirming changes, we always ask vendors to identify both old and new account information. The vendor should provide the information without assistance.
IT EXPERTS: Our IT team establishes and maintains an up-to-date system security protocol, ensures operating system updates are installed regularly, and monitors e-mail spam filters.
Other Tips to Consider
POSITIVE PAY or DEBIT BLOCKERS: A banking feature called Positive Pay allows you to restrict payments to only those authorized in advance. This means that every time you make payments, you send a file to the bank with a list of payments that are okay to make. Debit blockers restrict payments to specific vendors you authorize in advance. These can be somewhat of an administrative burden, so as with all security measures, the decision to implement is a balance between security and convenience.
VIRTUAL CREDIT CARDS: Credit card companies like Brex and Ramp allow you to generate virtual credit card numbers with a unique number for each vendor. This works well for subscriptions and other recurring charges. If a card number is compromised, it limits your exposure, and it’s a simple process to cancel the virtual card and generate a new one.
Remember, fraudsters are continuously devising new tactics, so vigilance and common sense are crucial. With the right procedures and safeguards in place, you can significantly reduce the risk of falling victim to scams targeting payroll and vendor payments.
Share this article:
Related articles:
Other Topics
Recommended articles:
About Juna:
At Juna, we are more than just an accounting firm. We are your trusted partner on the path to financial success. With our expert team of dedicated professionals, we are committed to providing top-notch accounting services that will empower your business to thrive.