Payroll Phishing Scams Aimed at Your Business

Phishing scams targeting businesses have been around for years, but a new round of phishing attacks targeting corporate payroll systems is troubling for small business owners. If an employee falls for a payroll phishing scam, it could compromise your payroll portal. In this blog, we discuss what to look out for and how to boost your security defenses to prevent a payroll phishing breach.

Phishing Scam #1

Payroll phishing scams start with an email sent to an employee. In one version of the scam, an email appearing to be from your company HR department will ask the recipient to update their employee login credentials for the self-service payroll portal. If the employee falls for the bait and volunteers their username and password, the criminals then use the login information to reroute the employee’s direct deposit payroll funds to fraudulent offshore accounts.

Phishing Scam #2

Another version of scam sends an email mimicking a legitimate, trusted company and asks the employee to complete a survey or provide an e-signature. After clicking on a link to “verify” their identity, malicious software is loaded in order to steal the employee’s payroll portal login credentials.

How to Protect Your Payroll

In response to the prevalence and effectiveness of payroll phishing scams, earlier this year, the FBI issued an official warning to employers. Fortunately, you can take several steps to help you avoid these scams:

1. Educate Your Employees: Alert your employees to the prevalence of payroll phishing attacks. Since many payroll phishing scams spoof legitimate corporate emails, employees should phone the sender for verification or contact an administrator for guidance.
2. Create Safe Links: Your payroll department can create a symbol or icon that indicates a link is safe to click on. Once your staff becomes familiar with that symbol or icon, they will know that links sent from your payroll department are safe.
3. Monitor Your Network: Malicious links sent in payroll phishing emails can also compromise your network. That’s why early detection of threats and identification of vulnerabilities are crucial for every company. Investing in a network monitoring solution can help your business stay on top of payroll phishing scams and other cyberthreats. 
4. Invest in a Secure Email Gateway: Secure email gateways monitor inbound emails for unwanted content sent with phishing and malware scams. A variety of providers offer secure email gateway solutions.
5. Report Incidents to the Authorities: Report any email phishing scams to the Federal Trade Commission. The US Secret Service also investigates payroll phishing breaches. Contact a field office in your area.

We take data security seriously, and we hope you find these prevention tips helpful.

Reclamere provides data security services to businesses in Pennsylvania and throughout the United States. For more information about our suite of data security services, please contact us by phone or complete the form on this page.