Cybersecurity frauds are targeting direct deposit payroll at local governments

A red fraud button on a computer keyboard.Local governments should ensure they protect against cybersecurity frauds in which an employee’s direct deposit payroll gets redirected to a fraudster’s bank account.

In this type of fraud, the fraudulent request to change the bank account uses the government’s change form that is emailed or mailed to payroll. In other cases, the fraudulent request is made in an email that looks like it is from the employee’s email account. The fraudulent bank accounts are frequently associated with out-of-state or internet banks.

We recommend that any request to change a direct deposit bank account include an in-person or verbal verification with the employee before the change is initiated.

We caution you to NOT use email to verify a change request; in some cases, the employee’s email account has been compromised and the fraudster intercepts and responds to the emailed verification.

If your government is a victim of this fraud, you are required to report it to the Office of the Washington State Auditor at portal.sao.wa.gov/saoportal/public.aspx/LossReport.

We also recommend reporting it to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov/complaint/default.aspx