A number of TIAA clients have reported payroll mandate frauds where the perpetrator claims to be an existing member of staff at the organisation and asks for their bank details to be changed for their salary payments. If the fraud attempt is successful, the bank account is changed and the next salary payment is made to the fraudster’s bank account.

A typical scenario is that the organisation’s HR or Payroll in-box receives an email purporting to be from a serving member of staff asking for a change to their bank account details for payroll purposes. In one case, the organisation’s Employee Change Form had been completed and attached to the email.

In cases seen so far, the email addresses used by the fraudster are not related to the organisation, and are purporting to be from the staff member’s personal email such as a Hotmail or Gmail account. In one case, the grammar and spelling within the email was poor, and subsequent investigation established that the fraudster was from overseas.

It is easy for a fraudster to identify the name of a genuine employee by reviewing social media, the organisation’s website or other online sources. They can then pose as this employee.

Although these payroll mandate frauds are typically via email, it is of course possible that a fraudster may send a letter or make contact via a telephone call.

  • Any requests for bank account changes for salary payments not sent from an official email address of your organisation must go through an independent verification process by contacting the staff member using the organisation’s email address, known phone number of the staff member, or via internal Skype/Teams accounts.
  • This independent verification process should include asking the member of staff to confirm personal identifiers.
  • If there is a portal for staff to make their own changes to bank accounts, direct staff to use this instead of contacting HR or Payroll to make the change.
  • Your organisation’s internal procedures should be amended to reflect these mitigation measures and all staff should be made aware of the amendments.
  • If you use a payroll provider, alert the provider to this type of fraud and ensure their procedures are robust.
Action Required

Be alert to all correspondence requesting a change of bank details for salary payments. If you think that your organisation has been a victim of payroll mandate fraud, contact your TIAA Anti-Crime Specialist immediately for advice.

For further discussion and support, including fraud awareness training services, contact: fraud@tiaa.co.uk