How to Protect Yourself Against 3 Scams Targeting Payroll Providers

Wednesday, July 03, 2019

Cybersecurity has taken center stage as companies combat a myriad of threats in the digital era. For the payroll industry, this means anticipating the latest methods of cyberattack and staying one step ahead in protecting the business and its clients from potential breaches.

A recent white paper from CyberPay, a secure payroll software provider and partner of FBG subsidiary Payroll Tax Management, cites a 2018 report from the FBI’s Internet Crime Complaint Center that shows financial losses from “internet-enabled theft, fraud and exploitation” of more than $2.7 billion in 2018. While the report does not break out losses specifically to the payroll industry, news accounts and the white paper lay out a few types of attacks targeting the payroll industry:

Ransomware Attacks

Ransomware is a form of malware typically spread through malicious spam emails containing links that, when clicked, prevent users from accessing their files until payment is made. These attacks most often target professional service firms, costing them billions of dollars each year.

In February of this year, a ransomware attack on a major payroll provider made headlines, highlighting just how dangerous this type of attack can be. The company, a cloud-based payroll software company, took all systems offline for more than 24 hours until it ultimately paid an undisclosed ransom, only to receive damaged files and broken directories.

Payroll Imposters

When a payroll service is targeted, an “imposter” scam often involves the impersonation of an employer who needs payroll service. According to a London-based research institute, imposter attacks are becoming more prevalent in business, with over 50% of companies now dealing with regular imposter attempts.

Imposter scams of all types accounted for losses of nearly $488 million in the U.S. last year and were the single largest category of consumer complaint to the Federal Trade Commission for the first time. The increase was driven in part by a rise in scammers pretending to be government representatives, the FTC report says.

For payroll providers, red flags for this type of attack include a business that is brand new, a weekly payer, and a message that conveys urgency. These imposters often email their target directly or complete a form requesting payroll, according to the white paper. They also typically use correct payroll terminology but have personal, rather than business, bank accounts, the white paper says.

ACH Fraud

Automated Clearing House (ACH) fraud can occur in a variety of ways and is often combined with another cyber threat such as spear phishing emails or keyloggers, a type of surveillance technology that records keystrokes. Through these methods, scammers are able to access credentials to set up an ACH file to drain funds or establish fraudulent automatic bill pay recipients. Since the ACH system can include many unfamiliar users, it is important to regularly verify identities to prevent such attacks, the white paper says.

Payroll Industry Protection

There are many ways to prevent these types of attacks from occurring in the payroll industry. Recommendations include:

  • Password protect all devices and accounts - and change passwords frequently.
  • Keep an ‘off-site’ backup of important documents and files.
  • Never enter login credentials into a site from an email link or attachment.
  • Rely on human interaction to verify the details; don’t use email, pick up the phone.

To learn more, download CyberPay’s white paper: Understand and Prepare for Internet Crimes Targeting Payroll Providers.

A Symbiotic Partnership for the Payroll Industry

As part of FBG’s commitment to solving problems for our clients in the payroll industry, our sister company Payroll Tax Management has partnered with CyberPay to offer additional solutions, consolidating resources and providing a secure, reliable payroll ecosystem. As leaders in the payroll industry, each company brings a unique wealth of expertise to the partnership and robust security measures that include:

  • CyberPay’s robust SSL encryption and use of Microsoft Azure to ensure security.
  • A $50 million Crime Bond

At FBG, we are committed to practices that keep our clients safe and worry-free. This partnership offers a cutting-edge integration with CyberPay software, allowing clients to easily use secure, cost-effective ACH direct payroll services handled by industry experts. For CyberPay clients who need full-service help with their taxes, it’s fast and easy to upload files to PTM for full-service payroll tax management.

The partnership between FBG and CyberPay optimizes cybersecurity protections and provides clients with a centralized, safe system of payroll services.

To learn more about the solutions provided by the FBG family of companies, visit our website at Payroll Tax Management, or click on the link below.

Photo: A 2018 FBI report cited in our partner CyberPay's white paper shows cybercrime-related financial losses of of more than $2.7 billion.

FBG Company Blogs

Blog Search