Over the past two weeks, the NJCCIC received several incident reports of business email compromise (BEC) scams that attempted to change employee direct deposit account information to an account controlled by the threat actor, known as payroll diversion. In these cases, oftentimes the perpetrator either spoofs an employee’s email address and contacts the finance or human resources department to request the changes, or spoofs an executive’s email address to request changes on behalf of an employee; in rarer cases, the victim’s actual email account has been compromised. The recently reported incidents have come from organizations in multiple sectors and, therefore, do not appear to be part of a targeted campaign. The NJCCIC recommends educating employees, particularly those in finance or human resources positions, about this and similar scams, and how to identify commonly used tactics like email spoofing. Procedural changes, such as requiring confirmation of any payroll modifications via multiple communication methods, can help to prevent future victimization. The NJCCIC also recommends the addition of “External Email” tags to the subject and body of emails that come from outside an organization and, therefore, require greater scrutiny.