by ADP Canada team
We want to help guide you through navigating an ever-changing landscape. To help keep you safe, ADP is cautioning clients to be aware of email fraud campaigns affecting organizations of all sizes. Payroll practitioners are being targeted by email, where the email appears to come from an existing employee who requests that their banking information be updated with a new account number. The employee’s pay is then redirected to a fraudulent bank account. Once the next pay is processed to the fraudulent account, it is withdrawn by the fraudster, often before the affected employee is aware that they have not been paid.
We want to advise practitioners, and clients in general, to be aware of the threat by email fraud. We recommend that you implement Two-Factor authentication as a precaution. We can suggest two examples of what two-factor authentication would look like in this scenario, either:
- Request a password/pin from the email sender, or ask the sender to verify specific personal information – like the old account number or address / birth date;
- Call the employee by phone to verify that they wish to have their account changed.