New Phishing Scams Target Employees Via Payroll Inquiries

In a recent wave of phishing scams, companies are being targeted for their employee paychecks.

How this phishing scam lures you in:

Employees are receiving fraudulent emails that appear to come from a company email address or that imitate a company service or resource, such as email signature requests or company surveys. These emails ask employees to click a link that directs them to a website where they answer a few questions. After the questions are answered, the scam asks employees to “confirm” their identity by providing their company login credentials. Some skeptical employees reply to the scam email to question why login information is needed; they receive immediate responses verifying the request for credentials.

What happens to those who have been phished:

When an employee gives their credentials to this phishing scam, the information is used to access payroll portals. By accessing these payroll portals, scammers reroute direct deposits to new accounts or change passwords.

How to take action:

To ensure that your employees do not fall victim to these phishing scams, it is important to take the necessary precautions. Here are some of the steps employers can take:

  • Alert employees to the scam
  • Tell employees to contact JMK with any suspicious requests rather than replying
  • Warn employees not to give out any credentials or personally identifying information in response to any email
  • Ensure that log-in credentials used for payroll purposes differ from those used for other purposes
  • Use multi-factor authentication requirements
  • Review and update the physical, technical and personnel-related measures taken to protect your sensitive information and data