As the festive season approaches, so does the unfortunate uptick in direct deposit scams. Cybercriminals are capitalizing on the holiday rush, targeting individuals and organizations with deceptive schemes designed to compromise financial information.

Here’s what you need to know:

  • Scammers are targeting payroll and HR contacts of businesses.
  • Payroll and HR departments are receiving emails that appear to be from a legitimate employee requesting that their direct deposit account be changed. In some cases, the scammer may even have your company’s Direct Deposit form attached to the email.
  • Money is deposited on the next pay day to the fraudulent account nd the scammer withdraws the funds immediately.
  • Once the funds have been withdrawn, the money cannot be recovered.

Steps you can take to safeguard yourself and your employees against this type of fraudulent activity:

  • Call the employee to verify that the email actually came from them.
  • Update your company’s direct deposit policy to not accept direct deposit changes via email.
  • Consider using employee self service functionality within Inova HCM to allow employees to login and update their own direct deposit information.
  • Examine your policy for publishing email addresses and employee contact information on your website. Such information can offer potential scammers easy access to information they can use to pose as legitimate employees and advance their deceptive activities.

If you encounter a potential direct deposit scam, please report it to your employer, financial institution, or the appropriate authorities. Timely reporting can help prevent further attacks and protect others from falling victim.

Guidance from the IRS

According to the IRS, scams like these fall under the category of Business Email Compromise (BEC) and Business Email Spoofing (BES) and are closely monitored and investigated. Individuals are encouraged to forward copies to the relevant investigative branches.

For general non-tax related BEC/BES email scams, forward them to the Internet Crime Complaint Center (IC3), monitored by the Federal Bureau of Investigation.

Tax professionals and others should report tax-related phishing emails to, which is monitored by IRS cybersecurity professionals. This reporting process also helps the IRS and Security Summit partners to identify trends and issue warnings.

Share This Story