Avoiding Direct Deposit Phishing Scams

Best Practices  

• Have employees enter their own direct deposit information via Self Service. Refer employees to MMB Employee Self Service to update their direct deposit information. Instructions and the Direct Deposit Authorization form are located under the My Pay tile.  
   

• Be cautious in verifying the identity of anyone requesting a SEMA4 self-service password reset or a change to Direct Deposit information. 

  • If the request is sent via email, call the employee using a number on file to verify, meet with them via MS Teams – or require them to send a photo of their State identification.

  • If the request is delivered in-person by someone you don’t know, require a photo ID. 

  • Do not accept requests over the phone.   
     

• Have designated staff as a Direct Deposit contact for employees. While some agency staff can update direct deposit information, many contacts cannot. Whenever possible, work with the employee, so they may make the change themselves in Self Service.  

• Review your HR staff SEMA4 roles. If your agency staff has the SEMA4 role to make direct deposit changes, Direct Deposit Update/Correct, determine if this role is necessary. If not, contact your agency security administrator to have the role removed.  

• Verify the Direct Deposit Authorization form is not available on your campus website. MMB has made great efforts to ensure the form is only available through Self Service. Please help us keep the form secure. Do not share the form or the link.  

• If HR or Payroll staff receive a Direct Deposit Authorization form, then according to PAY0001 they must: Verify the form includes either a voided check or deposit slip.

 
Note: Account numbers are masked in SEMA4 and Self Service. Agency staff are not allowed to give out any account information.  

• All changes to direct deposit information generate emails to the employee’s work and personal email addresses. Remind employees to review and update their contact information in Self Service.