1099 scams are one of the most common ways that cybercriminals target payroll systems. Typically, these scams are perpetrated using a phishing attack on an unsuspecting victim at your company or a third-party vendor. If they are successful, the criminal can easily end up taking thousands of dollars from your company before they are caught.

What Is a 1099 Scam? 

Normally, 1099 forms are used for paying independent contractors. With a 1099 scam, a cybercriminal fakes a 1099 form and sends it to the finance or payroll department.

Step 1: The Phishing Attack 

Cybercriminals typically start with a phishing attack to get an employee’s login credentials for their company email account. For example, they may send a link to a fake version of Microsoft 365’s login page and say that the user needs to update their password.

Often, the user won’t even realize that someone else is controlling their email account. The hacker can even divert responses so that the user doesn’t see them. Because the 1099 request arrives from a genuine company account, the finance department is more likely to accept it as legitimate.

Step 2: An Urgent Request

Many companies have procedures in place for processing 1099s that would catch a scam like this. However, these scams will generally include a sense of urgency. For example, they may say that the contractor won’t do any work unless they’re paid upfront. 

Step 3: The Payout

Once the payment is approved, the money is gone. While there’s a very slight chance of recovering the money, many cybercriminals operate from abroad. It is quite likely that the company’s payroll funds are permanently gone. Worse still, the scammer may try to repeat the 1099 scam at the same company until someone finally catches on.

Why Are 1099 Scams So Common? 

1099 payroll scams exist because 1099s require significantly less information than employment forms. It’s also easy to create a sense of urgency about paying an independent contractor. Ultimately, the biggest reason they’re common is that they’re often successful.

In a recent Mission to Grow podcast on “Top 5 Things Businesses Need to Know About Payroll Security,” Josh Gohman, Asure’s VP of information security, discussed how frequently companies are targeted by different types of payroll scams.

In fact, he says, “About 4% of phishing attacks are successful.” Phishing attacks are easy to send, making them more popular with cybercriminals.

One of the reasons these attacks work is that they don’t rely on technology. They play on human emotions and fallibility.

In the 2024 Data Breach Investigations Report published by Verizon, 68% of attacks involved a non-malicious human actor. This means that the best way for companies to prevent a data breach, 1099 scam, or phishing attack is to train employees on ways to spot and avoid these scams.

How to Spot a 1099 Scam

There are a few commonalities that you’ll see in many 1099 scams. 

  • 1099 payroll scams almost always have a sense of urgency. They want to hijack your logic and common sense so that you don’t slow down and investigate the request.
  • The 1099 may look incorrect. The name, address, or information may be off.
  • The amount may seem suspicious. For example, the hacker may consistently request 1099s for amounts that are just under the amount your company would automatically investigate. 

Ways to Prevent a 1099 Scam

Fortunately, there are steps you can take to prevent a 1099 scam from impacting your company’s bottom line. From auditing your procedures to training workers, there are a few simple changes you can make that will significantly improve the security level at your company. 

Conduct Regular Audits of Your 1099s 

One of the first things you should do is audit your company’s 1099s. After a cybercriminal gets their first 1099 payment, they will often try to send in repeated payment requests. Because of this, it’s important to check and make sure all your 1099 payments were made to genuine contractors. 
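As an added illustration (not part of the original article), the audit described here and the warning signs listed under "How to Spot a 1099 Scam" can be automated over a payment-request export. The record fields, the review threshold, the 5% "just under" margin, the 30-day repeat window and all sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Assumed policy values (illustrative, not from the article).
REVIEW_THRESHOLD = 5000.00   # amount the company automatically investigates
NEAR_MARGIN = 0.05           # "just under" = within 5% below the threshold
REPEAT_WINDOW_DAYS = 30      # repeated requests inside this window are flagged

# Constructed sample data: vetted contractor records keyed by a placeholder tax ID,
# and 1099 payment requests received by the payroll team.
VETTED = {"TIN-001": "Acme Design LLC", "TIN-002": "R. Patel Consulting"}
REQUESTS = [
    {"id": 1, "tin": "TIN-001", "name": "Acme Design LLC", "amount": 1200.00, "date": date(2024, 3, 1)},
    {"id": 2, "tin": "TIN-900", "name": "Northside Services", "amount": 4900.00, "date": date(2024, 3, 4)},
    {"id": 3, "tin": "TIN-900", "name": "Northside Services", "amount": 4950.00, "date": date(2024, 3, 11)},
    {"id": 4, "tin": "TIN-002", "name": "R Patel Consultng", "amount": 800.00, "date": date(2024, 3, 12)},
]

def audit(requests, vetted, threshold=REVIEW_THRESHOLD):
    """Return {request id: [reasons]} for requests that need manual verification."""
    flags = defaultdict(list)
    seen_by_payee = defaultdict(list)
    for r in sorted(requests, key=lambda rec: rec["date"]):
        # Payee must exist in the vetted contractor list and match its record.
        if r["tin"] not in vetted:
            flags[r["id"]].append("payee not in vetted contractor list")
        elif vetted[r["tin"]] != r["name"]:
            flags[r["id"]].append("name does not match contractor record")
        # Amounts sitting just below the automatic-review threshold.
        if threshold * (1 - NEAR_MARGIN) <= r["amount"] < threshold:
            flags[r["id"]].append("amount just under review threshold")
        # Repeat requests from the same payee within the window.
        if any((r["date"] - p["date"]).days <= REPEAT_WINDOW_DAYS
               for p in seen_by_payee[r["tin"]]):
            flags[r["id"]].append("repeat request from same payee")
        seen_by_payee[r["tin"]].append(r)
    return dict(flags)

if __name__ == "__main__":
    for req_id, reasons in audit(REQUESTS, VETTED).items():
        print(req_id, "; ".join(reasons))
```

A flagged request is a prompt for out-of-band verification with the contractor or the requesting manager, not proof of fraud.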

Use Multi-Factor Authentication 

Emails are generally the most common vector for phishing scams. Because of this, it’s important to improve your email security with multi-factor authentication. 

This type of authentication involves a second step after you input your email password, such as typing in a code that you received on your phone. Thanks to the added step, multi-factor authentication makes it significantly harder for criminals to access your workers’ email accounts.

Train Workers on Email Security 

Your best line of defense against hackers is your workers. A single careless response can give hackers access to your system, so teach workers how to spot hacking attempts. You should also use anti-virus software so suspicious emails are automatically quarantined.

Test Employees on Email Savvy

Once you’ve trained employees on what to expect, test them on it. “I absolutely send fake phishing emails to everybody periodically,” Gohman said. Thanks to test emails and other measures, Gohman decreased the phishing response rate at Asure from 10% to 4%. 

“It shows the value of training the people, creating that human firewall with your staff,” Gohman said. “Pound for pound and dollar for dollar, that is the most affordable and effective method of cybersecurity you can start with. It’s usually for a few dollars a year per person.”

Ask Payroll Providers About Exceptions

If you’re working with a payroll provider, you need to talk to them about when they make exceptions to procedures. For example, if your chief financial officer normally handles 1099 requests and they’re in an accident, how would the payroll provider respond? What do they do to vet a replacement to make sure they’re genuinely authorized to handle your 1099 requests? 

You should also talk about exceptions that could involve security risks. 1099 payroll scams are often last-minute, urgent requests. Due to this, you should find out how your payroll provider plans on handling this type of risk and what type of security measures they have in place.

Pay Attention to Your Physical Security 

It’s also important to consider your physical security. Cleaning crews, contractors, and service technicians may have access to your offices, so you should make sure they’re properly vetted. 

Employees should also remember to log off of their computers and avoid leaving important paperwork on their desks. While businesses are often focused on digital security, third parties can also access your physical paperwork and computers. 

Find Out How to Prevent 1099 Scams From Stealing Your Company’s Money

Fortunately, there are measures you can take to protect your payroll funds from scammers. With the right training and data security, you can prevent phishing emails from hijacking your employees’ emails.

 
