One polite email to payroll can reroute a paycheck. Here's how to spot it — and check before anyone clicks.
Check a Suspicious Email →
No credit card. A verdict in about 20 seconds.
The problem: A direct deposit scam comes as a polite email that looks like it's from your own employee, asking to change their bank info before payday. By the time anyone notices, the paycheck is gone. The hard part is it looks completely normal.
The solution: Check the email before anyone acts on it — forward it and get a plain verdict in about 20 seconds — and verify any bank change by phone to a number you already have.
It lands as an email to whoever runs payroll, and it looks like one of your own people sent it. "I switched banks — can you update my direct deposit before Friday?" Polite. Normal. The hosers either faked the name or already stole that employee's login.
If they're inside the mailbox, they set a quiet rule that deletes the bank's confirmation, so nobody notices until payday comes and the money is gone. The FBI keeps warning about this one — it's a flavor of business email compromise, and right now education, healthcare, and airlines are getting hit the hardest. (source) #DirectDepositScam #SmallBusiness
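The "quiet rule" is the part of this scam a payroll admin can actually go looking for. Below is an added example (not from this article or from Craig Peterson's service) of the kind of check a defender might run over a mailbox's inbox rules: it flags rules that delete or bury messages mentioning bank or payroll changes, rules that mark those hidden messages as read, rules that forward mail outside the organization, and rules with blank or punctuation-only names. The rule format is a simplified, hypothetical export; real Microsoft 365 or Google Workspace exports use different field names, and the sample rules and `example.com` domain are constructed for the demo.

```python
"""Flag inbox rules that look like a business-email-compromise cover-up.

Added example for illustration. Rule dicts use a hypothetical, simplified
export format; adapt the field names to your mail platform's real export.
"""
import re

# Subject/body keywords a payroll-fraud cover-up rule typically targets.
PAYROLL_KEYWORDS = [
    r"direct deposit", r"bank", r"payroll", r"routing",
    r"account (change|update)", r"confirm",
]

# Folders attackers commonly use to hide messages they do not want the user to see.
HIDING_FOLDERS = {
    "rss feeds", "rss subscriptions", "conversation history",
    "archive", "junk email", "junk e-mail", "deleted items",
}


def _payroll_keyword_hits(text):
    """Return the payroll-related patterns that match the rule's keyword list."""
    return [kw for kw in PAYROLL_KEYWORDS if re.search(kw, text, re.IGNORECASE)]


def flag_suspicious_inbox_rules(rules, org_domain):
    """Return [(rule_name, [reasons...])] for enabled rules worth a human look.

    Each rule is a dict of the (hypothetical) shape:
      {"name": str, "enabled": bool,
       "conditions": {"subject_or_body_contains": [str, ...]},
       "actions": {"delete": bool, "move_to_folder": str or None,
                   "mark_as_read": bool, "forward_to": [str, ...]}}
    """
    findings = []
    for rule in rules:
        if not rule.get("enabled", True):
            continue  # disabled rules do nothing; skip them
        cond = rule.get("conditions", {})
        act = rule.get("actions", {})
        reasons = []

        keyword_text = " ".join(cond.get("subject_or_body_contains", []))
        hits = _payroll_keyword_hits(keyword_text)
        target = (act.get("move_to_folder") or "").lower()
        hides = bool(act.get("delete")) or target in HIDING_FOLDERS

        # The classic direct-deposit cover-up: bank/payroll confirmations vanish.
        if hits and hides:
            reasons.append(f"hides messages matching payroll keywords {hits}")
        # Marking hidden mail as read removes the unread-count tell.
        if hides and act.get("mark_as_read"):
            reasons.append("marks hidden messages as read")
        # Auto-forwarding outside the org lets an intruder keep reading after logout.
        external = [a for a in act.get("forward_to", [])
                    if not a.lower().endswith("@" + org_domain.lower())]
        if external:
            reasons.append(f"forwards mail outside the organization to {external}")
        # Blank or punctuation-only names are chosen so the rule is easy to overlook.
        if re.fullmatch(r"[.\s,;_-]*", rule.get("name", "")):
            reasons.append("rule has a blank or punctuation-only name")

        if reasons:
            findings.append((rule.get("name", ""), reasons))
    return findings


# Constructed sample export: one benign rule, two that deserve a look.
SAMPLE_RULES = [
    {"name": "Receipts", "enabled": True,
     "conditions": {"subject_or_body_contains": ["receipt", "invoice"]},
     "actions": {"delete": False, "move_to_folder": "Receipts",
                 "mark_as_read": False, "forward_to": []}},
    {"name": ".", "enabled": True,
     "conditions": {"subject_or_body_contains": ["direct deposit", "bank account", "payroll"]},
     "actions": {"delete": True, "move_to_folder": None,
                 "mark_as_read": True, "forward_to": []}},
    {"name": "Sync", "enabled": True,
     "conditions": {"subject_or_body_contains": []},
     "actions": {"delete": False, "move_to_folder": None,
                 "mark_as_read": False, "forward_to": ["mailbox@external.invalid"]}},
]

if __name__ == "__main__":
    for name, reasons in flag_suspicious_inbox_rules(SAMPLE_RULES, "example.com"):
        print(f"rule {name!r}: " + "; ".join(reasons))
```

Run it on a real export after mapping your platform's field names onto the dict shape above; a hit is a prompt for a human to open the rule and ask the mailbox owner whether they created it, not a verdict on its own.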
There's no malware to catch and no scary link to flag. It's just a normal-looking request from a name you trust. Your spam filter waves it right through, because nothing about it looks dangerous — and that's the whole point.
The money moves fast, and once it's in the hoser's account it's almost impossible to claw back. A direct deposit scam doesn't break in. It asks nicely, and the helpful employee does the rest.
First, check the email before anyone acts on it. You can't tell a real request from a fake one by eye — that's why these work. Forward it and get a straight verdict: safe, suspicious, phishing, or forged.
Second, make it a rule that no direct deposit ever changes from an email alone. Confirm by phone to a number you already have for that person, with a second set of eyes to approve it. Two minutes of friction beats a stolen paycheck.
A good direct deposit scam fools careful, smart folks — that's what it's designed to do. Nobody should have to be a fraud expert just to run payroll. If your team got tricked, the scam did its job; it doesn't mean they failed.
I've spent 30 years watching how these attacks work. The email that costs you is the one that looks the most ordinary. The good news is you don't have to judge it by eye — you can just check it.
No guesswork. Here's exactly what happens when you click the button.
No card needed. Holding one right now? Start a free trial — 3 email checks and a Windows computer scan.
✅ No credit card to start, and nothing to install.
✅ We only look and report. We read the email you send us and give a verdict — nothing else.
✅ Your data is yours. We don't sell it — ever.
✅ A clear answer. Safe, suspicious, phishing, or forged — no "it's probably fine."
✅ Straight talk. We say "found" and "flagged," never "stopped" or "guaranteed."
✅ Move up only if you want to. Paid plans come with a 30-day money-back guarantee.
Start by checking the email. From there, you choose how much help you want. No pressure, no guessing.
Forward any suspicious email and get a verdict in about 20 seconds — plus the 74-point computer scan and a plain-English report. $9 per seat / month for business (10-seat minimum), or $47/month personal. Or start with no card.
Check a Suspicious Email →
Want your whole team trained to spot these before they ever reach payroll? Fortify adds phishing simulation and training, plus automatic patching and hardening on every machine. Includes everything in Reveal. $147 per computer / month.
See how Fortify works →
Everything in Fortify, plus around-the-clock monitoring and response, endpoint protection, DNS-layer defense, and managed backup. The only tier that covers servers. $247 per computer / month, $497 per server / month (by consult, 5-device minimum).
Talk to us about Defend →
Built on Craig Peterson's 30 years in cybersecurity. Each tier includes everything in the one before it.
Not this one. A direct deposit scam has no malware and no bad link — it's a plain text request from a name your filter trusts. That's exactly why it sails through. Spam filters catch junk; they don't catch a polite lie.
Checking the email takes about 20 seconds and gives you a real answer. Try it with one you're unsure about.
The next "I switched banks" email might be real, or it might cost you a paycheck. Forward it and know in about 20 seconds — so you can approve it with confidence instead of crossing your fingers.
Check a Suspicious Email →
No credit card. A verdict in about 20 seconds.
Want this kind of plain-English security news every week? Sign up for Craig's free Insider Notes newsletter at CraigPeterson.com.