Prevalence of phishing schemes have prompted warnings of cybercriminals defrauding organizations by impersonating vendors and employees, hacking email accounts and self-service portals and accessing vendor payments and payroll direct deposit accounts. The scenarios are as creative as a choose-your-adventure in fund diversion. Fraudsters are always ready to apply a different spin on old deceit.
Baker Tilly’s state and local government specialists have become aware of recent cases of payroll direct deposit fraud that follow a malicious playbook of low and high tech trickery. Posing as a government employee, the scammer contacts the payroll/HR department to request payroll direct deposit bank information changes. The scammer receives a payroll change form, falsifies the form and supplies a personal check with a new account and bank routing number. The payroll changes are executed without further thought – until the employee realizes they have not been paid.
When state and local governments unwittingly process fraudulent changes, the perpetrators syphon payments from legitimate, approved invoices and payroll direct deposit accounts – while the real employees and vendors go unpaid. On top of everything it takes to effectively run governments, staying ahead of fraudulent criminal activity is of critical importance.
In past insights on fraud vulnerabilities and preventative strategies, Baker Tilly has discussed the opportunities weak internal controls breed for occupational fraud and common vendor fraud schemes perpetrated upon governments whose public and transparent nature makes them particularly susceptible.
Due to the high degree of public transparency, an abundance of governmental vendor and employee information is available online – from meeting minutes to contact directories to vendor contracts. This is a goldmine for fraudulent actors on the prowl for documents and information to leverage for criminal gain. In this veritable fraudster’s paradise, governments get stuck with the financial and reputational repercussions.
Such fraud schemes target weakness in the process of changing employee and vendor information. Governments can go a long way toward protecting their entities and employees by following these recommendations:
During an evaluation of your government’s anti-fraud internal controls, consider if the following measures are in place to adequately prevent the occurrence of payroll direct deposit, vendor or other change information fraud:
Fraudsters will continue targeting governments for their criminal schemes. Municipalities and other governmental entities can take a proactive approach to reducing susceptibility to payroll direct deposit fraud, vendor fraud and other forms of change information fraud. Conduct a robust risk assessment, regularly review internal controls and install new controls where needed, and educate employees. Through these efforts, governments can prevent, mitigate and identify fraudulent activities to avoid or lessen financial and reputational consequences.
For more information on this topic, or to learn how Baker Tilly state and local government specialists can help, contact our team.