Say what you will about the old-school con artist, but at least they had the decency to look you in the eye when they were stealing your money. Sure, no one likes to be taken by the Pig in a Poke or the Spanish Prisoner, but at least you’re present for the scheme. In today’s online world, there are plenty of money scams that allow criminals to pick your pocket without coming anywhere near your actual pocket. That’s right, there’s an abundance of scammers out there who have worked out ways to steal from your paycheck before you even get a chance to see any of that money yourself.
Most of the schemes are variations on the same theme — convincing your accounting department to send your paycheck to a different bank account — but each includes a different approach you need to be wary of. So, here’s a look at some of the check scams someone might be trying to pull to get your hard-earned money before you even get a chance to deposit it.
Emailing the Accounting Department as You
This fraud is pretty simple. Someone working in your payroll department gets an email from a name they clearly recognize — usually the CEO or another executive with a big paycheck to steal — asking them to make a quick update to their direct deposit information. It’s usually from a Gmail account, but one that prominently features their name so it looks like this person is just using their personal account. Sure enough, the email is fraudulent and the updated direct deposit information will reroute your next paycheck to the scammer’s account rather than yours.
How To Avoid This
Of course, there’s only so much you can do here. If your accounting department isn’t savvy enough to spot the scam, you wouldn’t have any clue something was wrong until payday rolled around and wound up being, well, not payday. However, something as simple as checking in with the people handling payroll to make sure they’re aware of the scam and keeping a lookout should help. Not to mention, you can make sure you let them know what your personal email address is so they’re not fooled, or even just make it clear that you will only ever use your business account to change your direct deposit information in the future.
Stealing Your Credentials and Emailing the Accounting Department as You
Of course, the same scam is all the more effective if the email is sent from your actual work account. As such, a variation on a standard phishing email might be used to steal your login and password for your work account. You might get an email asking you to log into your email account or to just enter your credentials, most likely claiming to be some sort of innocuous request from a tech person or a third-party system managing the email system. However, it’s a front, and once they log into your business email account, there’s no way your company can know it’s not actually you.
How To Avoid This
This is a flip of the situation prior: now it’s your accounting department that’s largely powerless while you have to be the one on guard. Be extremely skeptical of any email from a source you don’t recognize or haven’t corresponded with before that’s asking you to enter login information. For that matter, you can always ask your coworkers about it. If they haven’t received the same email or haven’t heard about this from management, you probably have a fake. If you want to be extra safe, you could also inform your accounting department to always double-check with you via phone or a personal email address before making any changes to your direct deposit information.
Spoofing a Third-Party Site
While phishing emails are all well and good, they have also become increasingly familiar to more and more people. As such, some scammers opt to layer additional deceit on top of it to fool their marks. In this variation, the con artists build a fake website that’s meant to mimic a third-party company servicing your firm. They will ask you to visit the site, where you would be prompted to enter your login information for your work email or a human resources portal. Once they’ve stolen your credentials, they can pose as you and change the bank account listed for your direct deposit. In some cases, they might even be able to build the site to mimic the landing page of a company that actually does work with your employer, making it all the easier to believe it’s legitimate.
How To Avoid This
Most companies are outsourcing to third-party sites for a wide variety of services these days, so it can get a little hard to remember precisely which name corresponds to which aspect of your benefits or salary. Any time you’re directed to a third-party website, be careful to check the URL for anything suspicious. Scammers might mask their work by using familiar names with slight alterations that you might miss — like a slight misspelling or swapping a .com for a .co. It’s also worth taking note of the URLs you use when you know it’s legit so you’ll have a better idea of when something’s off.
If you’re thinking that simply skipping out on direct deposit entirely will make you safe, you’re only half right. While scams involving direct deposit and email fraud are relatively new, good old fashioned mail fraud is still an option if you opt to have your check mailed to you. If you’re a remote freelancer or just work at a company that issues checks by mail, you’re still vulnerable to all of the above scams. Instead of changing your bank account information, fraudsters can change the address you have with your company to intercept your check. Or if they want to avoid making it too complicated, they might just try stealing it out of your mailbox.
How To Avoid This
If it’s possible not to rely on the mail for your paychecks, that’s probably a good idea. While there’s an abundance of new schemes for getting to your direct deposit, you’ll have an easier time identifying when something’s wrong. If you’re waiting on the mail for a check, it might be an extra few days before you even realize something is wrong. That said, you can always insist on your accounting department confirming an address change with you in person and/or get a P.O. box to ensure the physical safety of your mail.
Posting a fake job online is another way to steal your pay — albeit in a very different way. With more people telecommuting or working remotely, a new economy is arising in which face-to-face interactions might not happen very often — allowing scammers to take advantage of digital freelancers searching out opportunities.
Here’s how the scam might play out:
You’re searching for a side hustle or work-from-home opportunity on Craigslist when you come across a posting for a small, independent company looking to hire someone for help in their accounting department. They explain that they do a lot of international work and need a point person in the United States to handle the flow of cash, so the job would just be a matter of getting checks in the mail, depositing them in your account and then wiring the money to the company’s main account.
Of course, the goal here is just to get you to do this once. The first (and only) check you receive is fraudulent, and they’re counting on you to execute the transfer well before the bank detects the bogus check. By then, it’s too late to stop or reverse the transfer and you’ve been duped out of thousands of dollars.
How To Avoid This
Taking some extra time to confirm the legitimacy of the company you’re working for should be a part of any job application. There should be some sort of online footprint for any firm, even a small one, so using Google to track down a website and address should be a minimum hurdle to clear. From there, putting in a call can be a great way to weed out the fakes as they will at least have to maintain a fake number and put a person on the phone with you. And finally, any situation where someone is sending you a check and asking for a wire transfer prior to you confirming the check has cleared is probably a scam, regardless of how they approach you.
Your tax return is money you’ve worked for and earned, so efforts to steal it are another form of stealing your paycheck. As such, the classic W-2 scam is another way your hard-earned money can be secreted away before you know it. The scam involves contacting someone in human resources — usually posing as an important member of the company — with a request to send over all or some of the company’s W-2 forms via email. If the employee bites, the scammer can now use the tax information to file fake returns that will route the money to bank accounts controlled by them. As long as they can get their fake returns in and cleared prior to you starting your tax-filing process, it could be months before anyone notices the deception.
How To Avoid This
Unfortunately, your capacity as an individual to prevent a scam like this is pretty limited. Part of the genius of the scam is that there’s relatively little that would raise a red flag until it’s too late, and you wouldn’t have an opportunity to spot it yourself until well after it’s happened. You can and should raise concerns with human resources at your company to ensure they’re familiar with the scheme and how to spot it.
Free WiFi Scam
You’ve most likely been in a situation where you’re happy to use the free WiFi at an airport or coffee shop, but you should know it does come with some risks. In fact, even when you’re using legitimate WiFi connections, your computer or device is vulnerable. That’s all the truer when it’s a fake WiFi account specifically intended to infiltrate your computer.
By setting up WiFi connections with generic names that include “free” in public places. When you try to sign on, it might prompt you for credit card information, or the hacker might just insert themselves between you and the network to intercept log-on information. They could even use it to get access to your computer and install spyware. Regardless, if they steal the right information, they should be able to easily pose as you and contact your job to direct your paycheck to their account.
How To Avoid This
Keeping your computer as safe as possible is the first step. If you’re in the habit of taking your laptop anywhere public, be sure you have antivirus software and a good firewall. That should help protect you from a whole host of threats, not just WiFi scams. You can also better protect yourself by practicing good password security that uses complex passwords that are different for each account. And finally, you can always invest in a good VPN to encrypt information coming and going from your computer, keeping you safe even when you’re on a public network.
Regardless of how it gets on there, if scammers can manage to install spyware on your computer, they can just take their time mining your life for data that they can ultimately use to steal from you. This includes getting enough information and access that they have an easy time tricking your job into routing your paycheck to the wrong place. Once it’s on your computer, your entire financial life could be exposed without you realizing until it’s far too late.
How To Avoid This
Getting spyware onto your computer is the trick, but there’s plenty of online activity that can put you in danger. Most spyware needs you to approve a download, so you should scrutinize any pop-up or prompt you receive on a website and don’t click unless you can be very confident it’s legitimate. Likewise, don’t open attachments or click on links you receive via email unless you’re really sure of the source. If it’s questionable, it could easily just be a ploy to get access to your data. That also means downloading movies or music of, ahem, questionable legal status is putting you at risk of getting something else along with your advanced copy of the new”Joker” movie.
Of course, you might also be at risk if you ever leave your computer sitting out in a public place. When you’re at a coffee shop and need to hit the bathroom, be sure your computer is locked to access from anyone else. Even if you’re just stepping away for a minute, someone could be sitting nearby waiting for an opportunity to quickly install something they’ll use to steal your identity and possibly your paycheck.
More From GOBankingRates