🧠 What is “Payroll Diversion” in Cybersecurity
Payroll diversion happens when criminals gain access to an employee’s email account and request that HR or payroll “update” the employee’s direct deposit information. Because the message comes from the actual email account, it often looks legitimate. Attackers then redirect the paycheck to a prepaid card, digital wallet, or disposable bank account, withdrawing the funds before the fraud is detected. This attack is common because small businesses often handle payroll via email instructions, and attackers know pay cycles and patterns. It’s essentially stealing salaries in transit—affecting employees directly and creating urgent financial recovery issues for employers.
What to Do
Implement a strict policy: payroll changes are never processed via email alone. Require employees to update direct deposit details through a secure HR portal or in person. Enforce MFA on all email accounts, which blocks most unauthorized access. Set up alerts on mailbox rules to detect forwarding or auto-delete rules, which are common signs of payroll fraud. Educate staff to report unexpected login notifications immediately. Review HR/payroll logs every pay cycle for unusual changes. If email must be used, require a second verification method (a phone call to a known number). Use conditional access policies to block login attempts from high-risk countries.
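One way to implement the mailbox-rule check described above, as an added example that is not part of the original post. It assumes inbox rules have been exported as JSON in the shape of Microsoft Graph `messageRule` objects; the domain `example.com`, the keyword list, and the sample rules are constructed for illustration.

```python
INTERNAL_DOMAIN = "example.com"  # assumption: the organization's mail domain
PAYROLL_WORDS = ("payroll", "direct deposit", "paycheck", "bank", "salary")
FORWARD_KEYS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
MATCH_KEYS = ("subjectContains", "bodyContains", "bodyOrSubjectContains", "senderContains")
HIDE_KEYS = ("delete", "permanentDelete", "moveToFolder")

def review_rule(rule):
    """Return the reasons a rule looks like payroll-fraud cover (empty if none)."""
    actions, cond = rule.get("actions") or {}, rule.get("conditions") or {}
    reasons = []
    # Any forward/redirect target outside the exact internal domain is reported.
    targets = [r["emailAddress"]["address"].lower()
               for key in FORWARD_KEYS for r in actions.get(key) or []]
    external = [t for t in targets if not t.endswith("@" + INTERNAL_DOMAIN)]
    if external:
        reasons.append("forwards externally: " + ", ".join(external))
    # Deleting or filing away mail that mentions payroll hides HR confirmations.
    keywords = [k.lower() for key in MATCH_KEYS for k in cond.get(key) or []]
    hits = [k for k in keywords if any(w in k for w in PAYROLL_WORDS)]
    if hits and any(actions.get(key) for key in HIDE_KEYS):
        reasons.append("hides payroll mail matching: " + ", ".join(hits))
    return reasons

def scan(mailboxes):
    """Map 'mailbox / rule name' to reasons, for suspicious rules only."""
    found = {}
    for user, rules in mailboxes.items():
        for rule in rules:
            if (reasons := review_rule(rule)):
                found[f"{user} / {rule['displayName']}"] = reasons
    return found

# Constructed sample export: {mailbox: [rule, ...]}
SAMPLE = {
    "alice@example.com": [
        {"displayName": "Newsletters", "conditions": {"senderContains": ["newsletter"]},
         "actions": {"moveToFolder": "constructed-folder-id"}},
        {"displayName": ".", "conditions": {"subjectContains": ["Direct Deposit", "Payroll"]},
         "actions": {"delete": True, "markAsRead": True}},
    ],
    "bob@example.com": [
        {"displayName": "sync",
         "actions": {"forwardTo": [{"emailAddress": {"address": "inbox@mail.example.net"}}]}},
        {"displayName": "To assistant",
         "actions": {"redirectTo": [{"emailAddress": {"address": "assistant@example.com"}}]}},
    ],
}
for where, why in scan(SAMPLE).items():
    print(where, "->", "; ".join(why))
```

The ordinary newsletter filter and the internal redirect pass; the payroll-keyword delete rule and the external forward are reported for review.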