🔍 The Payroll Switcheroo: A Case of the Fake “Brandy Derrick”
Every good detective knows that the best scams don’t look like scams at all.
One afternoon, my office got caught in the middle of a classic con that could have fooled anyone.
The Case File
It started with a simple email. My employee opened a message that seemed to be from me:
From: Brandy Derrick <[email protected]>
Subject: PAY CORRECTION
“Before the upcoming payroll is processed, I need to update my new checking account. What’s required?”
— Brandy Derrick, Owner. Virtual Bookkeeper. Legal Ease Bookkeeping
The name and title were accurate. The tone felt familiar.
But here’s the twist: it wasn’t from me!
The Crime: Payroll Redirection Fraud
This scammer wasn’t looking for my attention. They were after my paycheck.
By pretending to be me, they hoped an employee would change “my” direct deposit to their fake account just before payroll went out. Once the money hit, it would vanish faster than a getaway car.
This trick is called email spoofing. It happens when someone fakes a sender address to make a message seem real. No hacking is needed, just trickery and timing.
The Clues That Gave It Away
🕵️‍♀️ Clue #1: The sender’s email domain was wrong; @avanzarsoluciones.com isn’t my business.
🕐 Clue #2: The message arrived right before payroll, when everyone is busy and rushing.
💬 Clue #3: No greeting or details, just a quick request to update my bank account.
⚠️ Clue #4: Urgency; scammers love to create false deadlines.
Our team spotted the red flags and stopped the scam before it started. Case closed.
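The first three clues can also be checked automatically before a message reaches the payroll desk. The Python sketch below is an added example, not part of the original case or any mail product; the trusted domain, the protected name list, the keyword lists and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: replace with your own names and domains.
PROTECTED_NAMES = {"brandy derrick"}
TRUSTED_DOMAINS = {"legalease.example"}
PAYROLL_TERMS = ("payroll", "direct deposit", "checking account",
                 "bank account", "pay correction")
GREETINGS = ("hi ", "hello", "dear ", "good morning", "good afternoon")

# Constructed sample messages (addresses and domains are made up).
SPOOFED = (
    "From: Brandy Derrick <sender@lookalike.example>\n"
    "Subject: PAY CORRECTION\n"
    "\n"
    "Before the upcoming payroll is processed, I need to update my new "
    "checking account. What's required?\n"
)
GENUINE = (
    "From: Brandy Derrick <brandy@legalease.example>\n"
    "Subject: Lunch Friday\n\nHi team, lunch is on me this Friday.\n"
)


def red_flags(raw_message: str) -> list[str]:
    """Return the clues from the case file that this message matches."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    subject = (msg.get("Subject") or "").lower()
    body = msg.get_payload()
    body = body.lower() if isinstance(body, str) else ""
    name = " ".join(display_name.lower().split())  # normalise case and spacing
    flags = []
    if name in PROTECTED_NAMES and domain not in TRUSTED_DOMAINS:
        flags.append("known name, unknown domain")
    if any(t in subject or t in body for t in PAYROLL_TERMS):
        flags.append("payroll or banking change request")
    if not body.lstrip().startswith(GREETINGS):
        flags.append("no greeting")
    return flags


def needs_voice_check(raw_message: str) -> bool:
    """Hold the message for phone or in-person verification."""
    flags = red_flags(raw_message)
    return "known name, unknown domain" in flags or len(flags) >= 2
```

A familiar name on an unfamiliar domain is enough on its own to hold a message; the other clues only trigger a hold when they appear together.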
The Detective’s Response Plan
Once we identified the fraud attempt, we didn’t just delete the evidence; we documented it.
Here’s our step-by-step playbook:
- 🧱 Block & report the sender as phishing.
- 📩 Forward the email to [email protected] and our provider.
- 📞 Verify in person or by phone before approving any payroll or banking change.
- 🧠 Remind every employee: No email request, no matter how real it looks, replaces a voice you know.
How to Protect Your Own Agency (or Business)
Even the sharpest bookkeepers and business owners can fall into these traps if they are not careful.
Here’s how to stay one step ahead:
- 🗂️ Require verbal verification for all account changes, whether for payroll, vendors, or payments.
- 🔐 Secure your domain with SPF, DKIM, and DMARC records to prevent spoofing.
- 🧑‍🏫 Train your team to recognize suspicious tone, timing, or domains.
- 📢 Report every attempt; today’s fake email might lead to tomorrow’s issue.
Case Closed
At Detect-a-Fraud, we like to say:
“Every inbox holds a clue if you know where to look.”
This one tried to use my name to pull a fast one, but our fraud defenses caught the con before it cost anything.
Stay alert, detectives; the next case could land in your inbox.