Threat Management, Threat Intelligence, Identity, IAM Technologies

Fraudsters impersonate employees to hijack payroll

IT Brew reports that a concerning and scalable social engineering threat dubbed "payroll pirate" attacks is targeting corporate help desks to hijack employee pay.

According to an advisory from Okta Threat Intelligence, malicious actors, believed to be a West Africa-based cybercrime group, are executing a two-step fraud scheme. Attackers first call a company's IT help desk, impersonate an employee, and request a password reset. They then call back, often reaching a different agent, to claim they need a multi-factor authentication reset, ultimately enrolling their own device to gain full access to payroll applications.

Okta's VP of Threat Intelligence, Brett Winterford, stated these attackers are "doing this at scale," exploiting weak verification processes to commit fraud. While initially prominent in the education sector, these attacks have now spread to industries like manufacturing and retail. Winterford emphasized the critical vulnerability, noting, "In some organizations, theyre relying on nothing but passwords to get access to payroll systems, which is madness."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds