Banking

Is the direct deposit change email a scam?

Quick answer

Yes — if it claims to be from an employee but the email is unfamiliar or oddly worded, it's almost certainly a Business Email Compromise (BEC) attack. Scammers impersonate employees, email HR/payroll asking to redirect direct deposit, and intercept the next paycheck.

Red flags to look for

1
Email from a slightly off employee address (john.smith@gmaiI.com vs gmail.com)
2
Casual tone but no prior conversation thread
3
Requests urgency: 'before this Friday's payroll'
4
Asks to change to an account that doesn't match employee records
5
Refuses to call to verify, citing 'in meetings'

Real examples

Email to HR

Hi Linda, I switched banks recently — can you update my direct deposit to this new account before Friday's pay run? Routing 121000358, account 8847291038. Thanks! — Mike

Likely Scam

Even if 'Mike' is a real employee, the email is from a spoofed or compromised address. Real Mike's identity should always be verified by phone (using a number you already have) before any payroll change.

What to do

Always verify by phone (using a number you already had — not a number in the email) before changing any direct deposit.
Set a policy: no direct deposit changes by email alone, ever.
Use multi-factor confirmation: in-person or video call.
Train all payroll/HR staff on BEC patterns.
If a fraudulent change went through: immediately contact your bank's fraud team — sometimes funds can be recalled within hours.

Not sure about a message? Check it in seconds.

Paste any suspicious text, email, link, or screenshot into Double Check and get a plain-English answer instantly. Free to start. Family alerts included.

Download on the App Store Get for Android

Why scammers use this approach

Payroll BEC is one of the highest-yield attacks per attempt: a successful scam captures an entire paycheck, sometimes for months before discovery. Scammers harvest employee names from LinkedIn and compromise or spoof email accounts.

Frequently asked questions

Who's responsible if money goes to the scammer's account?

Legally complex. Often the employer bears partial liability if they didn't follow proper verification. Banks typically can't reverse the transaction. Prevention is everything.