Payroll and direct deposit fraud has gained ground, most recently spotlighted in continued developments tied to MyPayrollHR, which shuttered operations suddenly this past week and where millions of dollars have gone missing. Change a few codes, and funds get diverted to fraudsters’ bank accounts — and now, the chase is on.
So now, the investigation deepens and broadens, with payroll fraud under the microscope.
News came at the end of the week that the Federal Bureau of Investigation and the New York State Department of Labor are investigating the allegations swirling around MyPayrollHR, which abruptly shut down earlier in the month — and where the allegations center on whether the company diverted millions of dollars into its coffers that should have gone to employees.
As reported by NBC News, the investigations were confirmed, separately, by spokespeople for the FBI’s Albany, New York office and the labor department.
The investigations are the latest wrinkles in a story that continues to develop after several employees small businesses said they did not get paid. Direct deposit company Cachet Financial Services, which handles direct deposit transactions, said that $26 million was diverted to MyPayrollHR accounts.
In one example reported by the news site said that thousand of employees at Shafran Realty Group, based in California, were alerted that bank accounts were “drained” of the amounts of their paychecks Overall, 4,000 companies that used MyPayRollHR were affected by the actions of MyPayrollHR, according to reports.
In terms of mechanics, at the beginning of the month, MyPayrollHR submitted what were termed “usual data files” for employee compensation — and where funds would have been placed in a Cachet account for disbursement. However, this time around, according to the reports, codes were changed to divert funds to an account controlled by MyPayrollHR.
Cachet general counsel Wendy Slavkin told the site that direct deposits had been initiated to pay the companies that used MyPayrollHR for payroll services. The funds were not available, the MyPayrollHR account frozen — and in the meantime, Cachet has been working with banks to cover employee paychecks until monies can be recovered from the shuttered firm or from Pioneer Bank, which had the account that was controlled by MyPayrollHR, she told the site.
“It’s basically Cachet’s money used to pay thousands of employees across the country,” Slavkin said. Pioneer Bank, in turn, has pointed to a filing with the Securities and Exchange Commission this week that referenced $19 million in deposit activity that could be linked to “potentially fraudulent activity.”
As noted earlier in the year, security research firm Agari, efforts are “ramping up” wherein criminals look to “divert payrolls” in various scams, especially tied to senior executives. As reported in this space, the funds are being siphoned off in attacks that mislead human resource (HR) professionals.
Agari said the payroll diversion scams are on the rise and are gaining traction as a result of social engineering. “Unlike traditional [business email compromise (BEC)] attacks, which are starting to raise red flags with financial institutions, payroll diversion attacks eliminate the interaction with banks because it is a direct deposit instead of a wire transfer,” said Crane Hassold, senior director of threat research at the firm in January.
In another high profile incidence of payroll fraud, this past July, Cleveland based KeyCorp disclosed a massive instance of fraud that could potentially cost $90 million. Regulatory filings and reports stated that the customer involved in the scam is Interlogic Outsourcing, which processes payrolls and is based in Elkhart, Indiana. The bank filed a suit against the company on July 9, claiming that Interlogic “fraudulently initiated wire transfers” and that Interlogic CEO Najeeb Khan knew there weren’t sufficient funds to cover the transfers.