Protect Your Company: Beware of Payroll Phishing Scams | Netchex
Sep 10, 2019

Protect Your Company: Beware of Payroll Phishing Scams

Protect Your Company: Beware of Payroll Phishing Scams


While many tech companies employ safeguards around clients’ data, protecting this data is a shared responsibility. Reviewing and sharing resources (such as this article) with your organization are great ways to help ensure you are doing everything you can to protect your data. Working together to protect data is the only way to truly keep your company safe.

What is payroll phishing?

If you are in the dark on phishing, check out our previous post, “Gone Phishing”

Payroll phishing is a type of phishing threat known as “Business Email Compromise” that targets human resource teams and managers. The goal of the attacker is to convince the target to either update direct deposit information or to provide access to sensitive information (e.g. W-2) by pretending to be a trusted member of the company. These attackers will pretend to be company executives, employees, or even members of the human resources team! This threat is widespread due to the high payout and little risk for attackers. It is highly likely that you or a member of your organization has already received one of these emails.

How do I protect my organization from payroll phishing?

The good news for clients that use our employee self-service feature is that you already have some built-in protection! Your employees can update their direct deposit information and pull copies of important information, such as W-2s or other year-end tax forms. All that is left for you to do is make it a policy for your human resources and management team not to accept requests via email and instead direct employees to the Netchex employee self-service portal.

If you are not currently a client or utilizing our employee self-service feature, you can still follow the recommendations in our “Gone Phishing” blog post. Most importantly, you want to educate your human resources team and managers to validate requests by either talking to the employee in person or by calling them on the phone number listed in your company directory. 

If you ever receive an email appearing to come from Netchex asking for sensitive information or to update employee direct deposit account numbers, you can forward it to [email protected] to get validation if it is a legitimate request.

Questions or concerns?

Please contact our Netchex Information Security Team at [email protected] with any additional questions or concerns you may have about payroll phishing or security at Netchex. 

If you would like more information on all the Netchex safeguards already in place to keep your data safe, take a look at our Netchex Data Security Whitepaper. Also, our latest SOC 1 and SOC 2 reports detailing Netchex’s audited security processes can be provided to current and prospective clients upon request with an executed, current non-disclosure agreement.

Related articles

Blog 1
Security - 03/19/22

Making Netchex Safe & Secure: What Does it Mean to be Cyber Ready?

Read article
Blog 1
Security - 10/09/19

Safe and Secure: How to Find a Trustworthy HR & Payroll Company

Read article