Fraud, Cyber, and Security Smarts: Protecting Your Payroll from Threats
Steve Lenderman
Sep 18, 2025 8:00:00 AM
Cybercriminals seek out payroll vulnerabilities, and businesses that fail to act quickly leave themselves susceptible to cyberattacks. Protecting sensitive data has never been more critical and requires awareness, vigilance, and the right safeguards in place.
We asked isolved’s Head of Fraud Prevention, Steve Lenderman, to provide insights on payroll fraud and threats. His responses highlight common payroll fraud methods and other threats, as well as steps you can take to protect your organization.
Q. What are the most common ways payroll fraud occurs in businesses today?
Payroll diversion via phishing and pharming is the most common type of payroll fraud, followed by compromised emails and social engineering of administrators.
Q. What specific cyber threats are payroll systems most vulnerable to right now?
The continued reliance on passwords, especially in payroll systems, is one of the most significant vulnerabilities facing any industry today. Passwords are outdated, inherently insecure and easily exploited, opening the door to a wide range of attack vectors including phishing, credential stuffing and business email compromise.
Q. What red flags should business owners watch for that could indicate payroll manipulation or “ghost employees” (fictitious entities or non-working individuals on payroll, typically with intentions to illicitly withdraw funds)?
Common red flags indicating payroll manipulation or ghost employees include:
- Increases in total payroll amounts
- Missing tax liabilities on employees
- Adding new employees or 1099 contractors who are paid immediately without standard onboarding
- Multiple employees added in a single pay period or with identical bank routing numbers
- Duplicate names, addresses, Social Security numbers (SSNs) or bank details in payroll records
Q. What red flags should business owners watch for that could indicate payroll-related phishing or business email compromise (BEC)?
Common red flags indicating payroll-related phishing or BEC include:
- Excessive logins
- Unusual login days and times
- Missing emails, new rules or auto-forwards
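Detection logic for the login and mailbox-rule indicators listed above, written as an added example over constructed account-audit events (not code from the page or from isolved); the business-hours window and the per-day login threshold are assumptions.

```python
from collections import Counter
from datetime import datetime

BUSINESS_HOURS = range(7, 19)   # assumed: 07:00-18:59, Monday to Friday
MAX_LOGINS_PER_DAY = 10         # assumed per-account threshold for "excessive" logins

# Constructed audit events: (local timestamp, account, action, detail)
EVENTS = [
    ("2025-09-15 08:02", "payroll.admin", "login", "ok"),
    ("2025-09-15 12:31", "payroll.admin", "login", "ok"),
    ("2025-09-15 09:00", "hr.clerk", "login", "ok"),
    ("2025-09-14 03:12", "payroll.admin", "login", "ok"),   # Sunday, 03:12
    ("2025-09-14 03:15", "payroll.admin", "rule_created", "forward_to=mailbox@external.example"),
    ("2025-09-14 03:16", "payroll.admin", "rule_created", "delete_if_subject=payroll"),
] + [("2025-09-16 %02d:00" % h, "payroll.admin", "login", "ok") for h in range(8, 19)]


def flag_bec_indicators(events, business_hours=BUSINESS_HOURS, max_logins=MAX_LOGINS_PER_DAY):
    """Return (account, reason) findings; an empty list means no indicators were seen."""
    findings = []
    logins_per_day = Counter()
    for stamp, account, action, detail in events:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        if action == "login":
            logins_per_day[(account, when.date())] += 1
            if when.weekday() >= 5 or when.hour not in business_hours:   # unusual day or time
                findings.append((account, "login outside business hours: " + stamp))
        elif action == "rule_created":                                    # new rules / auto-forwards
            findings.append((account, "new mailbox rule: " + detail))
    for (account, day), n in logins_per_day.items():                      # excessive logins
        if n > max_logins:
            findings.append((account, "%d logins on %s (limit %d)" % (n, day, max_logins)))
    return findings
```

Missing emails are not visible in these events; that indicator needs mail-flow or deletion records, which the sample does not model.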
Q. What access controls, policies or approval workflows do you recommend for making payroll changes securely?
Recommendations for making payroll changes securely include:
- Using a computer that is only dedicated to financial transactions
- Using organizational email rather than emails like Gmail, Outlook, etc.
- Migrating to passkeys instead of passwords. Passkeys provide a secure way to confirm a user’s identity by linking the login process to both the device and the application or website being accessed. Unlike traditional passwords, passkeys use built-in authentication methods such as facial recognition, fingerprint scans or a personal identification number (PIN). Access is only granted when the credentials stored on the device align with those recognized by the app or site, ensuring both sides of the “key” match before entry is approved.
Q. How can companies balance trust in employees with necessary controls to prevent internal payroll fraud?
To help companies foster a workplace of trust and collaboration to prevent internal payroll fraud, here are some considerations:
- Build a Culture of Integrity: Trust begins with culture. Companies should foster transparency, accountability and open communication, making it clear that controls are not about distrust; they’re about protecting everyone.
- Implement Segregation of Duties: One of the most effective controls is ensuring no single employee has end-to-end control over payroll. For example, the person who enters payroll data should not be the one who approves it.
- Use Role-Based Access and Audit Trails: Limit access to payroll systems based on job roles. Audit logs should track every change, and alerts should flag anomalies like off-cycle payrolls or sudden bonuses.
- Conduct Regular Risk Assessments and Audits: Companies should continuously evaluate fraud risks and update controls accordingly. Regular payroll audits, especially by independent teams, help detect discrepancies early and reinforce accountability.
- Empower Employees Through Training: Routine training helps employees recognize red flags and understand their role in safeguarding payroll integrity.
- Use Technology to Automate and Monitor: Automated systems reduce human error and provide real-time monitoring. These tools allow companies to maintain trust while quietly enforcing strong controls.
- Encourage Whistleblower Reporting: Anonymous reporting mechanisms allow employees to raise concerns without fear of retaliation.
Q. What role does segregation of duties play in reducing payroll fraud risk?
Segregation of duties plays a critical role. Most fraud stems from human error and the best way to prevent those types of errors is installing another individual to identify, report and prevent future fraud attempts. The more individual checkpoints, or segregation of duties, the stronger the fraud prevention.
Q. What’s the most effective way to ensure terminated employees lose payroll system access immediately?
A few ways to effectively protect payroll systems from terminated employees include:
- Automated offboarding workflow
- Real-time credential deactivation
- Centralized identity management
Q. What best practices should be followed when payroll data is accessed remotely or from mobile devices?
The two recommended best practices for remotely accessed payroll data are:
- Using a virtual private network (VPN)
- Using an authenticator app, passkeys or fast identity online (FIDO) keys
Q. How often should payroll and HR staff receive security awareness training?
Staff should receive monthly communication with quarterly security awareness training.
Q. What’s your recommendation for how often businesses should audit payroll records for anomalies?
I would recommend businesses audit payroll records every month by different people.
Q. How can small/medium-sized businesses with fewer resources stay ahead of payroll fraud?
Even basic payroll software can flag anomalies like duplicate entries, unusual overtime or mismatched bank details.
Look for platforms that:
- Require MFA
- Track changes to payroll records
- Integrate time-tracking and approval workflows
Run regular audits, paying particular attention to:
- Payroll vs. employee rosters
- Bank account overlaps
- Unusual payment patterns
- Manual adjustments or overrides
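The audit checks just listed, together with the ghost-employee red flags from the earlier answer (roster mismatch, missing tax liability, duplicate SSNs or bank details, several new hires on one routing number, a jump in total payroll), run over constructed payroll records. This is an added example, not code from the page or from isolved; the record fields, the sample values and the 10% growth threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data: HR roster, last period's total and this period's payroll run.
ROSTER = {"E001", "E002", "E003"}
PREVIOUS_TOTAL = 12000.0
PAYROLL = [
    {"id": "E001", "ssn": "111-11-1111", "routing": "000000001", "account": "1001",
     "gross": 4200.0, "tax": 840.0, "new": False, "manual_adj": 0.0},
    {"id": "E002", "ssn": "222-22-2222", "routing": "000000001", "account": "1002",
     "gross": 3900.0, "tax": 780.0, "new": False, "manual_adj": 0.0},
    {"id": "E003", "ssn": "333-33-3333", "routing": "000000002", "account": "1003",
     "gross": 4100.0, "tax": 820.0, "new": False, "manual_adj": 0.0},
    # Constructed ghost-employee pattern: not on roster, added this period, no tax
    # withheld, shares E003's SSN and bank account, paid via a manual adjustment.
    {"id": "E009", "ssn": "333-33-3333", "routing": "000000002", "account": "1003",
     "gross": 4500.0, "tax": 0.0, "new": True, "manual_adj": 900.0},
    {"id": "E010", "ssn": "444-44-4444", "routing": "000000002", "account": "1004",
     "gross": 3000.0, "tax": 0.0, "new": True, "manual_adj": 0.0},
]

def audit_payroll(records, roster, previous_total, growth_limit=0.10):
    """Return (who, reason) findings for one pay period; an empty list means no red flags."""
    findings = []
    by_ssn, by_bank, new_by_routing = defaultdict(list), defaultdict(list), defaultdict(list)
    for r in records:
        by_ssn[r["ssn"]].append(r["id"])
        by_bank[(r["routing"], r["account"])].append(r["id"])
        if r["new"]:
            new_by_routing[r["routing"]].append(r["id"])
        if r["id"] not in roster:                      # payroll vs. employee roster
            findings.append((r["id"], "paid but not on HR roster"))
        if r["gross"] > 0 and r["tax"] == 0:            # missing tax liability
            findings.append((r["id"], "no tax withheld"))
        if r["manual_adj"]:                             # manual adjustments or overrides
            findings.append((r["id"], "manual adjustment of %.2f" % r["manual_adj"]))
    for ids in by_ssn.values():                         # duplicate identifiers
        if len(ids) > 1:
            findings.append((",".join(ids), "duplicate SSN"))
    for ids in by_bank.values():                        # bank account overlaps
        if len(ids) > 1:
            findings.append((",".join(ids), "duplicate bank account"))
    for ids in new_by_routing.values():                 # several new hires, one routing number
        if len(ids) > 1:
            findings.append((",".join(ids), "multiple new hires with identical routing number"))
    total = sum(r["gross"] for r in records)            # jump in total payroll
    growth = (total - previous_total) / previous_total if previous_total else 0.0
    if growth > growth_limit:
        findings.append(("TOTAL", "payroll up %.0f%% vs previous period" % (100 * growth)))
    return findings
```

Each finding names the record or pair of records involved so the reviewer in the segregated approval role can check it against the HR roster and bank statements.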
Separate duties as follows:
- A designated individual handles payroll entry
- A designated individual reviews and approves
- A designated individual reconciles bank statements
Lastly, train your team. Fraud prevention is a team sport and requires practice in identifying, reporting and understanding the policies. Important items to teach your employees include spotting phishing attempts, reporting anomalies and understanding payroll policies and procedures.
Q. What are the best ways for businesses to stay proactive in preventing payroll fraud?
Prevention is paramount. While it comes with a cost, that investment is far less than the financial loss, operational disruption, reputational damage and frustration that a single fraud incident can cause.
The first step in preventing payroll fraud is building a culture of integrity and diligence supported by appropriate training, tools and processes in place. By teaching employees to identify and report payroll-related threats, you create a powerful defense against costly attacks.
Visit our Cyber Security Center to learn how Dominion Payroll is helping to keep our clients' data safe.
Want to learn more about staying protected?
Join us for an eye-opening session on Wednesday, October 1st that uncovers two overlooked and costly threats facing employers today: cybersecurity vulnerabilities and employee labor law violations.
Disclaimer. The information provided herein is for general informational purposes only and is not intended to be legal, investment or tax advice. It is not a substitute for professional legal, investment or tax advice, and you should not rely on it as such. No attorney-client or accountant-client relationship or any other kind of relationship is formed by any use of this information. The effective date of various provisions, amendments, and regulatory guidance may impact eligibility. The accuracy, completeness, correctness or adequacy of the information is not guaranteed, and isolved assumes no responsibility or liability for any errors or omissions in the content. You should consult with an attorney, investment professional or tax professional for advice regarding your specific situation.