How Do Scammers Use Fake Job Offers to Get Access to Your Bank Account?
An offer letter arrives, the pay looks reasonable, and then a “payroll setup” request shows up asking for more than the usual banking details. It’s a step most new hires don’t question, since sharing account information for direct deposit is genuinely a normal part of starting a job.
The short answer
Fake job offers generally aim to get access to a bank account through a handful of repeated tactics: asking for full online banking login credentials instead of just routing and account numbers, requesting remote access to a computer to “help set up” payroll or equipment, or using a fraudulent check to create a short window where money can be drained before the fraud is caught. The common thread across all of these is that they ask for more access, or more trust, than a real employer’s onboarding process actually requires.
Why routing and account numbers alone aren’t a real risk
It’s worth separating what’s genuinely normal from what isn’t. Providing a routing number and account number for direct deposit is standard practice everywhere, and that information alone doesn’t allow anyone to log into an account or move money out of it; it only allows deposits to be made in. The tactics that actually create risk go well beyond that basic, standard request.
The tactics that actually create access
- Asking for full online banking credentials. A username and password for online banking, sometimes framed as needed to “verify” an account before payroll setup, would give someone direct access to log in and view or move funds, something no legitimate direct deposit process requires.
- Requesting remote access to a device. A request to install remote-access software or share a screen to “walk through” account or payroll setup can let someone see saved passwords, banking sessions, or personal information well beyond what was ever necessary for the stated task.
- Sending a fraudulent check tied to a fast follow-up request. A check for a signing bonus or equipment stipend, paired with a request to send part of it back or forward it elsewhere, exploits the gap between when a check appears to clear and when it’s actually verified as legitimate, the same mechanism behind being asked to mail equipment money upfront in a related scam pattern.
- Directing a new hire to open an account at a specific bank or app. Being told to open a new account somewhere specific, rather than using an existing one, can be a way to funnel money through an account the scammer has more visibility into or control over.
Why the fake check version is especially damaging
Because a bank can make deposited funds available before a check is actually confirmed as good, a person can end up spending or forwarding money that later turns out not to exist. If part of that money was wired or sent back per instructions, that kind of request to return funds quickly is a recognizable pattern in its own right, and the account holder is typically the one left responsible for repaying the bank once the check is discovered to be fraudulent.
What tends to distinguish a real onboarding process
A legitimate employer’s payroll and IT setup generally happens through secured, internal company systems, not through remote-access software installed by the employee, personal login sharing, or checks mailed directly to an individual with instructions attached. Verifying that a company and its hiring process are real before sharing any financial information is generally a more reliable safeguard than trying to evaluate each individual request as it comes up, since a convincing fake employer can make almost any single step look ordinary in isolation.
Worth remembering
Direct deposit information alone isn’t the vulnerability in most fake job offer schemes; the actual access comes from credentials, remote control of a device, or money movement set in motion by a fraudulent check. Recognizing which requests go beyond standard onboarding is generally the clearest way to catch the pattern before any real access is gained.