- Download PDF Version available for use with email and print distribution.
To: Business Managers and payroll administrators
From: Shannon Wiggins, HRMS Analyst, Office of Human Resources
We have been notified several locations recently have received emails which appear to come from an employee asking them to change his/her direct deposit information in Paychex. The emails appear to be valid at first glance, even sometimes coming from their internal email server, however, these emails are bogus.
If you receive a request via email to make a direct deposit change:
- Do not reply to the email.
- Contact the employee via phone or in person and verify if the request is legitimate.
- The employee should complete a new Direct Deposit form and provide a voided check copy of the new bank account for verification and accuracy. These should then be uploaded into Paychex under Employee Documents.
- Explain to the employee that their email may have been compromised and they should consider changing their passwords and security questions.
- Notify your IT department that there may have been a breach on the parish/school side.
These scams serve as a reminder that we shouldn’t make it a common practice to update any information without using the standard forms we have in place to fit these purposes i.e. – Employee Information Change Form.
There are numerous tips and tricks your IT professionals should be aware of and should be able to share with you. A couple of examples would be to ensure passwords and login credentials are kept confidential (not shared amongst employees), and to educate your staff about cybersecurity threats (such as phishing emails). Below are a couple of links for example, that offer some great “best practice” tips to consider:
If you haven’t done so already, please sit down with your IT group and devise a “protection plan” keeping in mind as many of these points as possible.