Latest phishing scams target payroll direct deposits

Scammers are cashing in on paydays much to the chagrin of employees who had a lapse in judgment and shared their log-in credentials. Warn your employees NOW about this latest phishing scam involving payroll portals.

According to an article on Lexology this week by Rebecca J. Bennett and Danielle Vanderzanden, here’s what happens:

1) An employee receives email from a company email account that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.

2) The email asks the employee to click a link, access a website, or answer a few questions.

3) It then directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply email receive a prompt response purporting to verify that the employee should complete the steps contained in the link.

4) The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network.

The article reports that in some versions of the scam, hackers access employee emails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions.

Even though you’ve told your staff to be wary of clicking on links no matter how legitimate the email seems, take time to tell them again. Emphasize how one wrong click could redirect their paycheck from their bank accounts into the hands of criminals. We also recommend that you:

• Remind users to slow down when going through their email inboxes. 

• Train users to check each email for the tell-tale signs of a spoofed email:
      ° Review reply address to make sure it is valid.
      ° Hover over all links to make sure they are valid.

• Instruct users to forward all suspicious emails to your IT department for confirmation on legitimacy of the email.

• Test users with regular phishing tests to make sure they are paying attention and not falling for phishing schemes.

Contact the experts at PrivaPlan to learn more about phishing tests and all the services we provide at or call 877-218-7707.


Related Posts

Access PrivaPlan Toolkit

Access CMA-PrivaPlan Toolkit

Sign up for updates

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.