The Cyber Crooks Have a New Favorite Costume: Payroll Companies?

Isabelle TobeBlog0 Comments

You know what’d be a great costume idea? A payroll company!” said no one ever – no one except for today’s phishing criminals that is! That’s right, the cyber crooks have come out with a new plan of attack: dressing up as payroll companies, reminding employees to update their login credentials. The end goal being, of course, to steal these credentials and transfer any money found.

How Does This Scam Look? 

Many scams reported start off with a bogus email from the employer’s “payroll provider,” asking employers to update their credentials for routine safety purposes. Here’s an example:

From here, those who click on links in the phishing email will be sent to a mock payroll processing site where they will be asked to submit their login credentials, in order to update them. These credentials give the attackers the ability to swap out the employee bank account for an account of their own.

An Email from the CEO?

Another angle some phishing criminals are taking is posing as a CEO or corporate executive writing internally to their employees. A scammer might email a payroll administrator, posturing as the CEO of their company, asking to update their direct deposit information, verify their account, or request a PDF of all employee’s W2s. If you receive a request like this from your CEO or someone you work with, reexamine the email for any major signs of phishing before responding.

How to Recognize Phishing

Phishing scams are more sophisticated than ever. The best way to avoid getting hacked is to know what to look out for, and to always double check if something smells…phishy. This could mean giving your actual payroll provider a call, or looking online to see if anyone else has received similar emails.

Here are 2 common identifiers of phishing to always look out for:

1. The email itself – Always be sure to check the email address. This is usually the quickest way to identify phishing. Phishers may be capable of duping contact names that employees would recognize, however they often are linked to email addresses with completely different names. For example, your “payroll provider contact,” John Doe emails you asking you to send him your login information, but his email address is “”

2. Wording – If you see the word “urgent” included in any email, you may naturally feel inclined to act fast! That’s why MANY scammers use this word in their attacks. If you receive any email asking you to urgently update or send something, definitely double check before clicking any links.

A Great Resource: If you’re looking for some interactive practice to sharpen your phishing email spotting skills, be sure to check out this interactive phishing quiz Google Jigsaw created.

Spread the Word: Encourage Education on Phishing!

At Dominion Payroll, we’re encouraging all of our clients to reach out to us if they receive any emails that they suspect to be phishing. We are also spreading awareness within our offices and have created an internal page for employees to screenshot any suspected phishing emails they’ve found in their inboxes. We hope this article is helpful and encourage all reading to share and pass on this information!

Photo by: Tom Roberts


Leave a Reply

Your email address will not be published. Required fields are marked *