Salary-diversion fraud is the payroll cousin of invoice redirection. An attacker, posing as an employee, emails HR or payroll asking to 'update my bank account'. The details are changed, and on payday the salary lands in the fraudster's account. The employee only finds out when their pay doesn't arrive.
Why payroll is exposed
Bank-detail changes in payroll often arrive by email and are processed without an independent check that the new account actually belongs to the employee. The IBAN is valid, the request looks routine, and the change sticks — until payday.
Verify the change, not just the run
The riskiest moment is a bank-detail change. Verifying the employee name against the new IBAN at that point — and again before the run — catches diversion before money moves.
A payroll verification routine
1. Verify the employee name against the IBAN whenever bank details are first captured or changed.
2. Treat a no match as a stop and confirm with the employee through a known channel — not the email requesting the change.
3. Before each payroll run, batch-verify the file so any mismatched account is flagged before release.
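The routine above as a pre-release gate, in an added Python example that is not from the original page or from RoxPay. The names `PayLine`, `gate_payroll` and `name_check` are hypothetical, the sample data is constructed, and the stub stands in for a real Verification of Payee lookup.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PayLine:
    employee_id: str
    name: str
    iban: str

def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check: shows the IBAN is well formed, not who owns it."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34 and s.isascii() and s.isalnum()):
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(digits) % 97 == 1

def gate_payroll(lines, last_paid_iban, name_check):
    """Split a payroll file into (release, hold) before any money moves.

    name_check(name, iban) returns "match" or "no_match"; it is a hypothetical
    stand-in for a Verification of Payee lookup.
    """
    release, hold = [], []
    for line in lines:
        iban = line.iban.replace(" ", "").upper()
        changed = last_paid_iban.get(line.employee_id) not in (None, iban)
        if not iban_checksum_ok(iban):
            reason = "invalid IBAN"
        else:
            result = name_check(line.name, iban)
            reason = None if result == "match" else f"name check: {result}"
        if reason is None:
            release.append(line)
        else:  # a hold means: confirm with the employee through a known channel
            note = "; details changed since last run" if changed else ""
            hold.append((line.employee_id, reason + note))
    return release, hold

# Constructed sample data: account-holder directory behind the stub name check.
HOLDERS = {"NL91ABNA0417164300": "Alice Jansen", "GB82WEST12345698765432": "J Smith"}

def stub_name_check(name, iban):
    return "match" if HOLDERS.get(iban, "").casefold() == name.casefold() else "no_match"

LAST_RUN = {"E1": "NL91ABNA0417164300", "E2": "DE89370400440532013000"}
PAYROLL = [
    PayLine("E1", "Alice Jansen", "NL91 ABNA 0417 1643 00"),
    PayLine("E2", "Bob Meyer", "GB82 WEST 1234 5698 7654 32"),   # valid IBAN, wrong owner
    PayLine("E3", "Cara Novak", "GB82 WEST 1234 5698 7654 33"),  # bad checksum
]
```

The second line passes the checksum and is still held, which is the case the format check alone would miss.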
Doing it at scale
For anything beyond a handful of staff, manual checks don't scale. Verification of Payee can verify each line of a payroll file via API before release, or staff can run ad-hoc checks from a dashboard. RoxPay offers both, so payroll and HR teams can put a name check in front of every salary payment.