FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Partner Site Disclaimer

By accessing the noted link you will be leaving our website and entering a partner site which is hosted by another party. Please be advised that you will no longer be subject to, or under the protection of, the privacy and security policies of our website. We encourage you to read and evaluate the privacy and security policies of the site which you are entering, which may be different than those of ours. 

Continue to External Website external-link icon
July 28, 2025

Protect Your Business: The Growing Threat of Payroll Diversion Fraud

As a business owner, you work hard to protect your company's assets and ensure your employees are paid accurately and on time. However, cybercriminals have developed sophisticated schemes specifically targeting your payroll systems, putting both your business and your employees at risk.

What Is Payroll Diversion Fraud?

Payroll diversion fraud occurs when cybercriminals impersonate your employees to redirect their paychecks into accounts controlled by fraudsters. This type of Business Email Compromise (BEC) attack has become increasingly common and costly for businesses of all sizes.

Recent examples we've seen: A company received an email from what appeared to be an employee requesting to switch from paper checks to direct deposit. The request seemed legitimate, but the employee's email had been compromised. Three weeks passed before the real employee realized their paychecks weren't arriving.

Another business received a direct deposit change request that appeared to come from a trusted employee. The fraudster had researched the company's payroll schedule and used urgent language about needing the change processed immediately to avoid missing bill payments.

How These Scams Work

Payroll diversion attacks follow a predictable pattern. Cybercriminals first research your company to identify employees with payroll access and select targets to impersonate. They study your payroll systems, pay schedules, and company communication patterns.

Next, fraudsters gain access to employee email accounts through phishing attacks or create convincing look-alike email addresses using similar domain names. The fraudulent email appears to come from a legitimate employee requesting payroll changes. These emails are sophisticated—they contain no suspicious links, use appropriate company language, and often include urgent requests tied to personal financial needs.

Once the payroll change is processed, funds are immediately transferred to prepaid cards or gift cards, making recovery nearly impossible.

Warning Signs to Watch For

Red flags in payroll change requests include:

  • Urgent language about immediate financial needs or requests received outside normal business hours
  • Slight variations in email addresses, unusual formatting, or language patterns
  • Requests for changes close to payday or asking to bypass normal verification procedures


Essential Protection Strategies

Implement Strong Verification Protocols

Always verify payroll changes through multiple channels. Require in-person verification for direct deposit changes, call the employee using a known phone number (not one provided in the email), and establish a waiting period between request and implementation.

Strengthen Security and Employee Education

Enable multi-factor authentication on all email accounts and payroll systems. Train all staff on recognizing social engineering tactics and create clear policies about payroll change procedures. Educate employees about not sharing personal information via email and regularly update training as new threats emerge.

Use Technology Solutions

Implement secure email gateways to scan for suspicious messages, restrict access to payroll systems to essential personnel only, and monitor for login attempts outside normal business hours.

If You're Targeted:

Take immediate action if you suspect fraud: Contact us immediately to attempt fund recovery, notify the employee whose identity was compromised, change all potentially compromised passwords, document all evidence, and report the incident to the FBI's Internet Crime Complaint Center (IC3).

Your Financial Partner in Fraud Prevention

At Northern Bank, we understand that protecting your business goes beyond traditional banking services. We're committed to helping you stay ahead of evolving threats while maintaining the smooth operation of your payroll systems.

Our business banking team stays current on the latest fraud trends and cybersecurity practices.

Remember: A few minutes of verification can save thousands of dollars and protect your employees' financial security.

For questions about implementing stronger payroll security measures or if you suspect your business has been targeted, contact our business banking team. We're your partners in building a secure, successful business—because your success is our priority.

Stay informed about the latest security threats and business protection strategies by following Northern Bank's business resources and connecting with our experienced business banking professionals.

Latest Posts

About Northern Bank & Trust Company

Northern Bank is a full-service bank dedicated to providing practical, common sense financial solutions to help our customers live their lives and grow their businesses. From deposit products to loans to payment and collections services, we work hands-on with our entrepreneurial customers, both locally and across the country, to provide the financial support they need to realize their personal and business goals. Founded in 1960, Northern Bank has assets of $3.22 billion with 12 locations serving communities throughout Middlesex County. Northern Bank is a Member of the FDIC, and an Equal Housing Lender.

 

Ready to take the next step?
We're here to help!

Contact us now to learn more about how Northern Bank can help you realize your goals and dreams. 

Contact Us