It’s not always hackers who getcha with wire fraud. Sometimes it’s simply an inside job seemingly orchestrated by a trusted partner who suddenly and unexpectedly embraces the dark side.
The Federal Bureau of Investigation (FBI) on September 16 raided the home of Michael Mann, who heads MyPayrollHR, a Clifton Park, NY cloud-based payroll processing company, suspected of fraud to the tune of millions of dollars. Mann is the chief executive of ValueWise, MyPayrollHR's parent company.
MyPayrollHR allegedly diverted some $35 million in payroll funds from 250,000 employees at 5,000 companies into its own pocket. Right now, the FBI is asking for more potential victims to come forward. Thus far, no arrests have been made. The raid on Mann’s residence was first reported by the U.K.’s Daily Mail. MyPayrollHR abruptly shuttered its virtual doors on September 5 and Mann hasn’t been seen since. Its business partner, Cachet Financial Services, which deposits payroll money into workers’ personal accounts on MyPayrollHR's direction, claims it is a victim of fraud and that Mann or one of his minions moved workers' money into an account controlled by the company.
Some basics: Employers that use third-party payroll companies rely on the providers to process payments to employees’ bank accounts. For the past 12 years, until last week, when MyPayrollHR unexpectedly ceased virtual operations, it has posted a file to Cachet Financial Services bi-monthly that instructed Cachet where its clients' employees wages should be deposited and the corresponding amounts.
Here’s what transpired, as described by KrebsonSecurity:
In a normal procedure, MyPayrollHR would send a digital file documenting deposits made by each of its client companies which laid out the amounts owed to each clients’ employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet. From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.
However, it didn’t work that way on September 4. MyPayRollHR asked Cachet to send all of its clients’ payroll money, amounting to $26 million, to an account it held at Pioneer Savings Bank. When Cachet subsequently asked Pioneer Savings about the $26 million, it was told that MyPayrollHR’s bank account has been frozen, Wendy Slavkin, Cachet’s attorney, told Krebs.
This is what happened next, according to Krebs’ report:
The payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made. In response, Cachet submitted a request to reverse that transaction. But according to Slavkin, that initial reversal request was improperly formatted, and so Cachet soon after submitted a correctly coded reversal request. The end result was two reversals.
The net net? Some employees whose companies use MyPayrollHP, had two direct deposits -- typically a month’s worth of payroll payments -- withdrawn from their accounts. One company, Granite Solutions Groupe, saw 250 of its employees shortchanged. “This caused a lot of chaos for employers, but employees were the ones really affected,” Dan L’Abbe, Granite’s CEO told Krebs. “This is all very unusual because we don’t even have the ability to take money out of our employee accounts.”
In the immediate wake of MyPayrollHR’s virtual shuttering, MyPayrollHR told clients that it was going out of business and that they should find someone else to handle their payroll. "We regret to inform you that due to unforeseen circumstances, we are no longer able to process any further payroll transactions," a note read. "Please find alternative methods for processing your payrolls." (via The Albany (NY) Times Union)
As might be expected, a number of people whose accounts were hit by the funds reversals leaving them in some cases with negative balances in their accounts, reamed both Cachet and MyPayroll HR on social media. Cachet ultimately cancelled the previous payment reversals, leaving it on the hook for $26 million, Krebs recounted.
“Most — if not all — employees affected by this will in the next day or two have all their money back,” Slavkin said. “Our system is excellent at protecting against outside hackers but when it comes to something like this it takes everyone by complete surprise.”