The simplest yet perhaps the best course of action is to leave the email unreplied. Here are specific actions that you can take if you spot a possible payroll scam: That’s why payroll fraud through email phishing is one of the favorite routes cybercriminals take.
What to do if you spot a possible payroll scamĮmail communication is one of the most common ways employees coordinate with one another, especially when a significant number of them are working remotely. That’s why hackers want you to hurry, sometimes, even panic. If you take time to think before acting, you are more likely to notice that something is off. They may also indicate in the email body that it’s an emergency or that there is a consequence if this is not acted upon right away. Their emails usually come with subject lines like “Urgent payroll request” or something that pushes you to take immediate action. In this example, hackers have studied and used the employee’s distinct greeting and choice of words.
Heyyy how are you? I have switched to another bank and would like to update my deposit information. They will also attempt to sound like how the impersonated employee usually does in an email: If they don’t use regular public domains like they will create an email domain that mimics a company’s official email domain. They impersonate an employee making victims think they’re actually talking to a colleague. They even track their social media accounts to know when they’re on vacation so they can tailor their message based on that information.
Payroll fraud attackers select their potential victim carefully and they gather not only their corporate details but personal ones as well. They do targeted attacks instead of mass-produced ones. So how exactly do they pull this off? Here are some of the most common ways scammers attack your payroll: