Phishing Email: 2024 Payroll Notification

Description of Phishing Email:

A clever phishing email pretending to be a payroll notification has been reported, targeting employees. The email typically claims to be from a payroll service or HR department, warning about a payment issue or an urgent update to payroll information. It often includes a link or attachment that can install harmful software or steal personal information.

Screenshot of Phishing Email:

Text of the Email:

1 New Notification Regarding your 2024 Payroll

{Website}

McMaster University

How to Protect Yourself?

1. Use Direct Communication Channels: Instead of relying on email links, use direct communication channels like phone calls or secure portals to verify the authenticity of payroll notifications. Contact your HR department or payroll provider through trusted contact information.
2. Don’t Click on Links: Avoid clicking on links or downloading attachments from unsolicited emails, especially those claiming urgent action needed regarding your payroll.
3. Check for Red Flags: Look for common signs of phishing, such as generic greetings, spelling and grammatical errors, urgent language demanding immediate action, or requests for sensitive information like passwords or Social Security numbers.

Important Notes:

1. Verify Sender’s Identity: Always verify the sender’s email address and domain. Legitimate payroll notifications typically come from recognized company domains or specific HR departments. Check for any slight variations or misspellings that could indicate a phishing attempt.
2. Educate Yourself: Learn about common phishing tactics. Consider participating in the Information Security Training Program – Information Technology Security to protect against cyber threats and secure your digital world.
3. Report Suspicious Messages: Reporting phishing attempts helps prevent others from falling victim to these attacks. Send suspicious messages to is-spam@mcmaster.ca for review and investigation.