Targeted payroll phishing attack wants to steal your salary

Post hero image

Table of contents

HR payroll phishing attacks are common threats targeting companies, specifically their HR departments and those handling employee salaries. These types of attacks impersonate employees and request changes to their direct deposit information, with the goal of redirecting salary payments to the attacker's account.

Typically employing spear-phishing attack tactics, HR payroll phishing attacks are usually personalized and target a particular individual.

In this instance, the attackers addressed the person in charge of payroll by their first name, making the email appear more authentic.

Additionally, the attackers used the name of the impersonated co-worker in the email’s "From" field, adding to the message's seeming legitimacy. It's important to keep in mind that attackers may change the sender's name in the "From" field, but the email address can reveal a different name. In this case, the email address used was registered to a free address, not a professional one, which is another warning sign.

Off the hook – How to detect the attack and protect your organization from it

Always verify the sender's address and check if the name on the email address is the same as the one in the "From" field. It is important to be cautious of any email that comes from a free service, such as Gmail, especially if it asks for changes to be made to bank details.

If in doubt, it is crucial to call or ask the employee face-to-face if they made the request before changing any personal details.

If you suspect a phish, report it with the Hoxhunt button. It's better to be safe than sorry!

HR departments should be proactive in verifying all changes in payment details, implementing strict security protocols, and providing regular training to employees on how to identify and avoid phishing attacks. By doing so, companies can safeguard themselves and their employees' sensitive information and finances.

Want to learn more?
Be sure to check out these articles recommended by the author:
Get more cybersecurity insights like this