Defeating Direct Deposit Phishing Attacks
Privacy, Cyber & AI Decoded Alert | 1 min read
Apr 16, 2019
Risk Management Question
What steps can lawyers and law firms take to guard against phishing attacks that try to re-route direct deposit paychecks to a scammer's bank account?
The Issue
Lawyers are not the only marks of scammers; administrative and support staff have become targets, too. This new phishing scam usually takes the form of sending a legitimate looking email to an unsuspecting human resource employee, purporting to be from another company employee or supervisor, with instructions to change bank account and routing information for direct deposit paychecks. The email is written convincingly and professionally, and warns that the sender is going into a meeting or is otherwise unavailable, thus dodging verbal confirmation of the new routing information. After the human resource employee implements the instructions, the employee's paycheck is sent to the wrong bank account, causing financial harm to both the employee and the firm.
Risk Management Solution
Take the following steps to help defeat direct deposit phishing attacks:
- Compare the sender's email address to the sender's known company email address.
- Implement policies requiring all direct deposit instructions to be confirmed verbally and/or in-person with the affected employee.
- To avoid rushed changes, and if permitted by law, set a deadline of at least one week prior to the next paycheck for employees to ask for direct deposit changes.
- Don't act on instructions sent from an employee's personal email account.
- Discuss with your IT Department additional options that may be implemented to spot and prevent phishing attacks.
The best defense is a good offense. Educate your employees on a regular basis about how to spot and prevent new phishing techniques and remind them to be careful out there.
Related People
Related Capabilities
Featured Insights

Press Release
Jul 15, 2026
Two Hinshaw Partners Recognized in Minnesota Monthly's 2026 Top Lawyers in Minnesota

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry




