Be Aware; New Office 365 Payroll and Benefits Scam

Bad actors will always find new ways to entice their targets to click a link or open an attachment. Typically, they use fear and urgency to persuade the end user to fall into their trap. But recently a new scam has come to light and is attempting to exploit their target’s curiosity.

These criminals are posing as the Human Resources department of your company and sending emails regarding upcoming pay increases or changes to next years benefits. The bodies of these emails will consist of verbiage like:

This years wage increase will start in December

View the salary increase sheet by clicking the link below.

New benefits for the upcoming year.

Both scams have the same goal, to steal your password.  If clicked, the provided link will redirect users to a fraudulent Office 365 sign in page in hopes that the target inputs their password. The Office 365 page will often have the email address of the targeted user already populated in the username box to add a sense of legitimacy to the ruse.

(example of the fake Office 365 page with the username pre-populated)

So, if you get an email from human resources about your “upcoming benefits in 2020” or “2020 pay raise,” do not click any link or open any attachments without confirming their legitimacy. If you feel that the email is fraudulent, report it to your IT department. If you have questions regarding your pay or benefits, it is best to call the HR department directly, using the known extension.