Iv’e always wondered if these hackers could insert themselves into a companies payroll and have their “paycheck” direct deposited into an account somewhere.
Not if the payroll system has even a decent set of internal controls. For example, just putting your name on a list of folks to get paid shouldn't work, as any decent payroll system will require supervisory input (checking off on the submitted timecard, verifying employees in the section, etc...) for payroll to process. There would have to be collusion between the hacker and someone on the inside.
With collusion, there is higher risk, as now two or more have to keep a secret, but also with collusion, fraud is that much harder to prevent and detect.
That's why companies should also adopt some way of the payroll department to physically verify employee presence on the job.