Using Google Workspace to Prevent Employee Wage Scams
In the ever-evolving cybercrime landscape, a new email scam is targeting businesses. Scammers are posing as team members and requesting wage payments be sent to new bank accounts that they control. While this scam may only succeed once, the repercussions can be severe. A single instance of falling prey to this scam can lead to significant financial loss and cause immense distress to all parties involved.
How the Scam Works
The scammers create fake personal email addresses using free providers like Gmail, Hotmail, Yahoo, or Outlook. They then email your company, pretending to be a team member, and request that their wages be paid into a new bank account. The email may seem genuine, often mimicking the style and tone of the actual team member, making it hard to detect the fraud immediately.
Why It's Effective
Familiarity: The email comes from a seemingly familiar address, making the request appear legitimate.
Urgency: The scammer may include a sense of urgency, pressing the payroll department to act quickly without verifying the details.
Human Error: Companies without stringent verification processes can easily fall victim to this scam, as employees handling payroll may not always be vigilant about such changes.
Implementing a Procedure
Google Workspace by Kimbley IT offers tools to help businesses implement secure processes for managing sensitive requests, such as changes to team members’ banking details.
1. You can use Google Forms to create a secure form for your team to submit requests to change their bank details.
Design a Google Form that includes fields for all necessary information, such as the team member's name, old bank details, new bank details, and the reason for the change.
You can restrict the Google Form so that only team members with company Google Workspace accounts can access it.
Set up notifications so that HR or payroll is alerted whenever a form is submitted.
2. Google Sheets can be linked to Google Forms to automatically log submissions, creating a centralised record of all change requests.
Responses from the Google Form are captured in a Google Sheet, ensuring all data is stored securely and can be accessed only by authorised team members using permissions.
Use Google Sheets' version history to maintain an audit trail of all data changes and updates.
3. To verify the request, use Google Meet.
Schedule a quick video call via Google Meet with the team member to verify the request. This face-to-face interaction helps confirm the request's authenticity.
Establishing and enforcing procedures can significantly reduce the risk of falling victim to this scam. Vigilance and verification are vital in safeguarding from cybercriminals. Stay alert and keep your processes tight to ensure your business doesn't become the next target. Book a video call below if you want to know more ways we can help you keep your data secure using Google Workspace and IT Assistance and Support by Kimbley IT.
