[Global] Cybercriminals target employees with fake payroll portals

28 May 2025

New research has revealed that cybercriminals are targeting employees searching for their company’s payroll portals on Google, Asaase Radio reports.

According to a recent cybersecurity investigation by ReliaQuest, cybercriminals are utilising SEO poisoning techniques to place fraudulent websites at the top of search results. The sites mimic legitimate payroll login pages, tricking employees into entering their private data.

Once obtained, the data is reportedly used to access legitimate payroll systems, where attackers alter direct deposit information, rerouting salaries to accounts they control. The campaign primarily targets mobile devices, exploiting their typically weaker security measures and the fact that they often operate outside corporate networks, which makes detection more challenging.

These attackers use compromised home office routers and mobile networks to mask their activities, further complicating matters. By routing malicious traffic through residential IP addresses, cybercriminals evade traditional security filters and hinder investigative efforts.

Incidents like these highlight the importance of employee vigilance and the need for organisations to implement robust cybersecurity training and protective measures, especially around mobile device usage and the verification of web resources.
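
Because the traffic described above comes from residential addresses that reputation filters tend to pass, one defensive option is to compare each payroll login against that user's own history and hold any direct deposit change that follows a login from a network the user has never used. The sketch below is an added example, not code from the article or from ReliaQuest; the event format, action names, 24-hour window and /24 grouping are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network

WINDOW = timedelta(hours=24)  # assumed review window; tune per organisation

# Constructed sample audit events (hypothetical format, documentation IP ranges).
EVENTS = [
    ("2025-05-01T08:02:00", "alice", "login", "198.51.100.23"),
    ("2025-05-08T08:05:00", "alice", "login", "198.51.100.77"),
    ("2025-05-20T21:14:00", "alice", "login", "203.0.113.45"),
    ("2025-05-20T21:19:00", "alice", "direct_deposit_change", "203.0.113.45"),
    ("2025-05-02T09:00:00", "bob", "login", "192.0.2.10"),
    ("2025-05-21T09:30:00", "bob", "login", "192.0.2.200"),
    ("2025-05-21T09:35:00", "bob", "direct_deposit_change", "192.0.2.200"),
]

def network_of(ip):
    """Coarse network key: /24 for IPv4, /48 for IPv6."""
    prefix = 48 if ":" in ip else 24
    return ip_network(f"{ip}/{prefix}", strict=False)

def flag_deposit_changes(events, window=WINDOW):
    """Return (user, timestamp, ip) for deposit changes made from a network
    that first appeared for that user within `window` before the change."""
    seen = {}       # user -> networks seen on earlier logins
    new_login = {}  # user -> (time, network) of latest login from an unseen network
    alerts = []
    for ts, user, action, ip in sorted(events):  # ISO timestamps sort correctly
        when, net = datetime.fromisoformat(ts), network_of(ip)
        known = seen.setdefault(user, set())
        if action == "login":
            # The first login ever seen only builds the baseline, so an
            # account with no history needs a separate check.
            if known and net not in known:
                new_login[user] = (when, net)
            known.add(net)
        elif action == "direct_deposit_change":
            hit = new_login.get(user)
            if hit and hit[1] == net and when - hit[0] <= window:
                alerts.append((user, ts, ip))
    return alerts

if __name__ == "__main__":
    for user, ts, ip in flag_deposit_changes(EVENTS):
        print(f"HOLD FOR REVIEW: {user} changed direct deposit at {ts} from {ip}")
```

A flagged change is a candidate for out-of-band confirmation with the employee before the next pay run, not proof of compromise.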


Source: Asaase Radio

 
