RE: Direct-Deposit Scams
July 9, 2019


Dear Colleagues,

The number of Cyber-crimes perpetrated against businesses continues to increase at a steady rate. Just last year, the FBI reported a rise of 136% in business scams from December 2016 to May 2018, which in turn contributed to total business losses in excess of $12.5 billion since 2013.

Like a W-2 scam, the direct-deposit scam is a business email compromise (BEC)/ business email spoofing (BES) tactic; however, this particular scam attempts to lure victims into changing an employee’s direct-deposit information in order to steal funds. The FBI warns organizations, especially those in education and healthcare, to be mindful as the online payroll accounts of their employees are being targeted.

Direct-deposit scams are notorious for using free email services such as Google or Yahoo under the name of a high-profile employee — most often an executive. The perpetrator usually targets Payroll or HR and uses casual conversation to lure victims into replying without paying attention to the “From” field. The risk is even greater for those that use cell phones because the “From” field is not visible by default.

As with most phishing attempts, including gift card scams, the finagler often portrays a sense of urgency. Similarly, they prevent victims from contacting them directly by claiming to be in a meeting or have inadequate phone coverage.

Conversely, unlike other phishing scams, direct-deposit scams are often well written and have few grammatical or typographical errors.

Businesses should be aware that direct deposit and W-2 scams account for just two forms of BEC/ BES. Fake invoice requests, wire transfers requests, and mortgage escrow fraud are also quick-payoff schemes that fall under this umbrella.

To protect yourself from becoming a victim, the FBI offers the following tips:

  • Do not supply log-in credentials or personally identifying information in response to any email.
  • Hover your cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
  • If the email is received when you are at work, forward suspicious requests for personal information to the information technology department.
  • Use unique log ins and passwords for each website you utilize.

If you receive one of these emails, the FBI offers the following advice:

  • Forward non-tax related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by going to
  • If you receive tax-related phishing emails, forward those to IRS cybersecurity professionals monitor this account, and this reporting process also enables the IRS and its Security Summit partners to identify trends and issue warnings.
  • If you are an employer impacted by the form W-2 scam, forward the email to and complete Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.
  • If you are an employer who received a form W-2 scam email but was not impacted (meaning you didn’t click or respond), forward the email to