Topical Press ReleasesDecember 19, 2022

Payroll Phishing Scam

Your payroll could be the target of the next Payroll Phishing Scam

Phishing scams are on the increase, and could cost your business tens of thousands if you fall victim to one.

The scams usually come in the form of emails, and are specifically targeted at the payroll department or the person responsible for paying employees’ salaries.

According to CRS Technologies General Manager Ian McAlister, organisations that have adopted a remote or hybrid working model are particularly vulnerable to these scams, as home internet connections are less secure than those at the company’s physical location.

Furthermore, the scammers have no particular preference over who they target – all organisations are at risk of attack, regardless of the industry in which they operate or the size and type of the business.

“There are two versions of the scam,” McAlister explains. “In the first scenario, the scammer impersonates an employee and asks that their banking information be updated with new details provided. They usually also request that a payslip to be sent to them as well, but this is merely another ploy to obtain the employee’s personal information so that they can steal their identity.

“The second scenario involves the scammer posing as a senior company executive and demanding that an EFT be made to a specific account.”

The scammers cleverly mimic the impersonated sender’s style of writing so at first glance the email appears to be authentic.

“It’s only when you take a closer look that the tell-tale signs of a scam start to become apparent,” says McAlister. “These are very subtle and can be easily missed if the recipient is not vigilant.”

Look out for one or more of the following:

  • The font used is not the same as that typically used by the company.
  • The email includes spelling mistakes and grammatical errors.
  • The ‘employee’ no longer works at the company or their job title is incorrect.
  • The sender’s email address is either a Gmail account or is slightly different from the company’s email domain. For example, the letters may be rearranged, an underscore character is used instead of a hyphen, or one of the letters has been replaced with another. There may also be a mismatch between the ‘employee’ and the email address.
  • There is an implied sense of urgency in the email.

SARS scam

McAlister cites yet another scam that employers need to be aware of. This involves an email or SMS purportedly sent from the South African Revenue Service (SARS) in which the recipient is informed that they are eligible for a tax refund. The message usually includes a link to a fake SARS website and is intended to fool taxpayers into providing their banking details.

Anyone who receives a questionable email or SMS should immediately report it to their IT department, McAlister advises. “If you’re uncertain about whether it’s a scam, always assume that it is.”

He strongly recommends that companies take the time to educate their staff – and especially their payroll teams – on how to spot phishing scams. Additionally, any requests for electronic payments to be made, or that banking details be changed should be verified before being processed. This should be done verbally or via a communication medium other than email, such as Whatsapp or SMS.

For their part, IT teams need to ensure that their systems are up to date with the latest security software and patches and that all sensitive company information is encrypted.

“Being proactive and alert, educating your employees and following a few basic rules will protect your business from financial losses that could have been avoided,” McAlister concludes.

For more information, contact us

2024/2025 Tax Guide

Download your copy of the CRS 2024/2025 Tax Guide

    This will close in 0 seconds

    We use cookies to ensure that we give you the best experience on our website.