publishing date icon
February 28, 2023
read time icon
5 min. read

Targeted payroll phishing attack wants to steal your salary

Author image
Hoxhunt
Threat Analyst Team
Post hero image

HR payroll phishing attacks are common threats targeting companies, specifically their HR departments and those handling employee salaries. These types of attacks impersonate employees and request changes to their direct deposit information, with the goal of redirecting salary payments to the attacker's account.

Typically employing spear-phishing attack tactics, HR payroll phishing attacks are usually personalized and target a particular individual.

In this instance, the attackers addressed the person in charge of payroll by their first name, making the email appear more authentic.

Additionally, the attackers used the name of the impersonated co-worker in the email’s "From" field, adding to the message's seeming legitimacy. It's important to keep in mind that attackers may change the sender's name in the "From" field, but the email address can reveal a different name. In this case, the email address used was registered to a free address, not a professional one, which is another warning sign.

Off the hook – How to detect the attack and protect your organization from it

Always verify the sender's address and check if the name on the email address is the same as the one in the "From" field. It is important to be cautious of any email that comes from a free service, such as Gmail, especially if it asks for changes to be made to bank details.

If in doubt, it is crucial to call or ask the employee face-to-face if they made the request before changing any personal details.

If you suspect a phish, report it with the Hoxhunt button. It's better to be safe than sorry!

HR departments should be proactive in verifying all changes in payment details, implementing strict security protocols, and providing regular training to employees on how to identify and avoid phishing attacks. By doing so, companies can safeguard themselves and their employees' sensitive information and finances.

Subscribe to our newsletter