February 28, 2023

Targeted payroll phishing attack wants to steal your salary


HR payroll phishing attacks are a common threat to companies, aimed specifically at HR departments and the people who handle employee salaries. In these attacks, the attacker impersonates an employee and requests a change to that employee's direct deposit information, with the goal of redirecting salary payments to the attacker's account.

Typically employing spear-phishing attack tactics, HR payroll phishing attacks are usually personalized and target a particular individual.

In this instance, the attackers addressed the person in charge of payroll by their first name, making the email appear more authentic.

Additionally, the attackers used the name of the impersonated co-worker in the email’s "From" field, adding to the message's seeming legitimacy. Keep in mind that attackers can change the sender's name shown in the "From" field, but the email address behind it can reveal a different name. In this case, the email address belonged to a free email service, not a professional one, which is another warning sign.

Off the hook – How to detect the attack and protect your organization from it

Always verify the sender's address and check whether the name in the email address is the same as the one in the "From" field. Be cautious of any email that comes from a free service, such as Gmail, especially if it asks for changes to be made to bank details.
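The checks above can also run automatically on mail arriving in a payroll mailbox. The following is an added example, not code from Hoxhunt or from the original post; the corporate domain, the free-mail list, the keyword list, the employee names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"  # assumption: the organization's own mail domain
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
PAYMENT_TERMS = ("direct deposit", "bank details", "bank account", "payroll")
EMPLOYEES = {"maria lind"}        # constructed staff directory, lowercase

def tokens(text):
    """Alphabetic tokens of a display name or of an address local part."""
    return {t for t in re.split(r"[^a-z]+", text.lower()) if len(t) > 1}

def assess(raw_message, employee_names):
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()
    flags = []
    if domain in FREE_MAIL_DOMAINS:
        flags.append("free-mail sender")
    if display.lower() in employee_names and domain != CORPORATE_DOMAIN:
        flags.append("employee name on external address")
    if display and not tokens(display) & tokens(local):
        flags.append("display name not reflected in address")
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("payment detail change requested")
    return flags

# Constructed sample: co-worker's name in "From", free-mail address behind it.
PHISH = """\
From: "Maria Lind" <officedesk.mail77@gmail.com>
To: payroll@example.com
Subject: Direct deposit update

Hi Anna, I changed banks and would like to update my direct deposit
details before the next payroll run.
"""
# Constructed sample: the same name sent from the corporate domain.
LEGIT = """\
From: "Maria Lind" <maria.lind@example.com>
To: payroll@example.com
Subject: Lunch on Friday?

Are you free for lunch on Friday?
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, assess(raw, EMPLOYEES))
```

A payment-change request on its own is routine; it is the combination with the sender flags that should trigger verification with the employee before anything is changed.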

If in doubt, it is crucial to call or ask the employee face-to-face if they made the request before changing any personal details.

If you suspect a phish, report it with the Hoxhunt button. It's better to be safe than sorry!

HR departments should be proactive in verifying all changes in payment details, implementing strict security protocols, and providing regular training to employees on how to identify and avoid phishing attacks. By doing so, companies can safeguard themselves and their employees' sensitive information and finances.
