Back to Blog

The “Urgent Payroll Update” And Other HR-Related Scams

Posted on by The Money Mill
Posted in Blog - The Money MillFraud & Identity Theft
Manager leading a discussion with employees in a workshop

Emails from HR inevitably get employees’ attention—and scammers know it. Recent data reveals just how dangerous that trust can be.

KnowBe4’s Threat Lab recently recorded a 120% surge in HR-impersonation phishing attacks over a 90-day period. And these scams are growing not only in quantity but in sophistication. Cybercriminals are strategically aligning campaigns with payroll cycles and company communications, exploiting natural administrative rhythms to heighten the urgency of their bogus messages.

QR Tactic

One prevalent tactic involves QR codes that redirect users from the secure corporate environment to vulnerable personal devices—a hybrid “quishing” approach that bypasses standard email security filters.

Other schemes fake HR policy updates by hijacking trusted platforms like Intuit QuickBooks, pressuring users to comply immediately to avoid consequences.

Vital Data Compromised

The consequences of successful breaches can be severe. Another study, this one from data intelligence firm Lab 1, found that HR documents, including payroll records, resumes, and personally identifiable information, were present in 82% of analyzed data breaches.

Much of this compromised data consists of unstructured content including emails, PDFs, and spreadsheets that can be weaponized by AI to generate deepfakes, synthetic identities, and highly convincing phishing attacks. This dual threat—HR phishing attacks and prolific leaks of HR data—presents a one-two punch to organizational security.

Taking Advantage of Trust

Because employees inherently trust HR communications, these attacks often slip through at the moment of urgency. As one analysis noted, 98% of simulated phishing campaigns with internal subject lines drove engagement, with HR themes appearing in 45% of those top-performing lures. Small wonder that HR-related scams leveraging psychological triggers and insider access are a rapidly evolving event.

 

Protecting the business you’ve built from the ground up is crucial, both to you and to your employees. You can find more ways to protect yourself and your business by subscribing to The Money Mill blog, For more about what Jeanne D’Arc Credit Union does to keep your financial information secure and how you can stay vigilant, visit our website.

Related Articles