Are you confident about your company’s ability to withstand cyberattacks?
Payroll attacks are incredibly common because of how much money is transferred into and out of payroll accounts every month. Unfortunately, payroll cyberattacks are also incredibly easy to perpetrate.
In the majority of cases, cyberattacks happen because of a human element. For example, the attacker may send an email that impersonates a co-worker. Alternatively, they gain access to the email account of someone who works in your finance or HR department. Then, the attacker may simply email your payroll provider and ask for an urgent 1099 to be filed.
The main way to prevent these types of attacks is preparation. More importantly, that preparation shouldn’t be solely for your senior executives. Cyberattacks can happen at any level of the organization, so all employees should be trained on how to avoid security risks.
The 10 Most Common Payroll Cyberattacks
As a part of training your workers on cyberattacks, you should start by reviewing the different types of attacks and what they should be watching out for.
1. Ransomware Attacks
Unfortunately, ransomware attacks are fairly common. With this type of attack, your system is hijacked by attackers until a ransom has been paid. Often, this malicious code gets onto your system through an innocent-looking link.
After accessing your systems, attackers will encrypt payroll data so that you cannot use it. Besides causing short-term payroll problems, it can also lead to long-term reputational harm. If the attackers use your workers’ data, the attack can also have a devastating impact on your employees’ financial security.
2. Phishing Attacks
Phishing attacks are another of the most frequent cyberattacks on payroll systems. In a recent Mission to Grow podcast episode, “Top 5 Things Businesses Need to Know About Payroll Security,” Asure’s VP of information security, Josh Gohman, focused on the dangers of these attacks.
In fact, these attacks are not only frequent. They’re also extraordinarily successful. According to Gohman, “About 4% of phishing attacks are successful.”
3. 1099 Attacks
1099 attacks are incredibly common on payroll systems. Because 1099 forms are used to pay contractors, they require less information than your actual payroll. This makes them incredibly easy for cybercriminals to exploit.
Typically, this kind of attack starts with a compromised email. This allows the attacker to send emails to your payroll department or payroll provider that look like they are coming from you.
If the payroll provider requires a phone call for confirmation, the attackers will even call the company and impersonate one of your employees. Often, the attackers will also arrange for any replies related to the fraud to be automatically diverted so that you never see them in your inbox.
One thing 1099 attacks have in common with many other phishing attacks is a sense of urgency. Attackers want the victim to override their normal thought processes and company procedures to immediately fulfill the 1099. For example, the attacker may say that the 1099 has to be created and paid before a contractor will start working on your leaky sewer line.
4. Payroll Diversion Attacks
Payroll diversion attacks generally involve the attacker changing the bank account, direct deposit, or payroll information for an employee. They may also request that a new employee be created with fraudulent payroll information.
In extreme cases, the attacker will gain control of the email account of an employee who handles payroll. Then, they can use this information to access the payroll system and change the payment account for every worker.
Payroll diversion attacks are especially hard on the employees who are left without a paycheck. It can also be difficult for employers to tell whether bank account information has been changed fraudulently. Because of this, it is especially important for companies to train their employees on email security and to put controls in place that prevent payroll diversion attacks.
5. Weak Authentication Exploits
Weak authentication exploits occur when your authentication measures are easy to crack. For instance, if someone uses “123456” or “password” as their password, a hacker can easily gain access to the worker’s company accounts.
To prevent this issue, it’s important to set up multi-factor authentication. This type of protocol involves multiple security measures. For example, you may require employees to input a code from their phone and a password to access your computer system.
6. In-House Vulnerabilities
In-house vulnerabilities exist when employees are negligent about their passwords and account access. For example, they may remain logged into your computer system or share a password with a coworker who doesn’t have the same background checks or clearance.
Additionally, in-house vulnerabilities exist when former employees retain access to their accounts. As soon as someone is let go, their access should be completely removed from every part of your system.
7. Third Parties
It’s important to carefully consider all of the third parties that could have access to your files and computers. Cleaning crews, contractors, software providers, and other individuals may be able to access your system when you’re unaware. This means it is especially important to screen any third-party company you work with and train workers to log off.
8. Paperwork Security
Part of preventing third-party access is paperwork security. While people commonly focus on their digital risks, your physical paperwork can easily become compromised. For example, employees may leave paperwork on their desks. Alternatively, your filing cabinets could be easily accessible to third parties, like janitorial companies.
Beyond locking up your paperwork, you should also make sure that you destroy any paperwork you don’t need anymore. Many HR documents only have to be kept for three years, so you’re creating unnecessary risks and liability if you continue storing these documents after this time period.
9. Compromised Email
Business email can be compromised in many ways. For example, consider the following common email attacks.
- Spearphishing: Attackers create an email that looks like it is from a trusted source. Then, they get the worker to give them confidential information.
- Spoofed Email Accounts and Websites: Through spoofing, attackers can create fake login pages that look like genuine ones.
- Malware Links: Sometimes, emails contain malware links that cause malicious software to be downloaded. Then, this type of software can get the login information for your email and other accounts.
10. Employee Fraud
Unfortunately, employee fraud is another payroll risk. While any employee can cause harm, workers who handle payroll and financial matters have more opportunity to commit fraud. Because of this, it is incredibly important to run background checks on any workers who have access to financial accounts and confidential information.
Employee fraud can occur in many ways. It may involve falsified timesheets and unauthorized bonuses. An employee may also authorize expense reports and 1099s that aren’t valid.
Tips for Protecting Your Company From Payroll Cyberattacks
- Educate your workers about common attacks.
- Monitor any employee logins that occur outside of your standard business hours.
- Create procedures that slow down the processing of 1099s and payroll to give employees time to think about what they’re doing and to catch fraudulent requests.
- Review the access that third parties, like contractors and cleaning crews, have to your site.
- Use multi-factor authentication.
- Implement anti-virus software for your company’s email system.
- Audit the security of third-party partners.
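As an added illustration (not code from the article or from Asure), the following Python script shows how two of the tips above can be turned into a simple check: it scans payroll audit log lines for logins outside standard business hours and flags direct-deposit changes, raising the severity when a change follows an off-hours login by the same user. The log format, the business-hours window, and the sample events are all constructed for this example.

```python
from datetime import datetime, time

# Constructed sample audit lines (not real data): "<ISO timestamp> <user> <event> <detail>"
SAMPLE_EVENTS = [
    "2024-03-04T09:12:00 alice login ip=203.0.113.10",
    "2024-03-04T23:41:00 bob login ip=198.51.100.7",
    "2024-03-04T23:44:00 bob direct_deposit_change account=****9921",
    "2024-03-05T10:05:00 carol direct_deposit_change account=****4410",
    "2024-03-06T02:15:00 alice login ip=203.0.113.10",
]

# Assumed business-hours window (Mon-Fri, 08:00-18:00 local time); adjust to your company's hours.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


def parse_event(line):
    """Split one audit line into its fields; the detail field may contain spaces."""
    ts, user, event, detail = line.split(" ", 3)
    return {"ts": datetime.fromisoformat(ts), "user": user, "event": event, "detail": detail}


def is_off_hours(ts):
    """True on weekends or outside the business-hours window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def flag_events(lines, window_minutes=60):
    """Return (severity, message) findings for a list of audit lines, processed in time order."""
    findings = []
    last_off_hours_login = {}  # user -> timestamp of that user's most recent off-hours login
    for ev in sorted((parse_event(l) for l in lines), key=lambda e: e["ts"]):
        if ev["event"] == "login" and is_off_hours(ev["ts"]):
            findings.append(("medium", f"off-hours login by {ev['user']} at {ev['ts']:%Y-%m-%d %H:%M} ({ev['detail']})"))
            last_off_hours_login[ev["user"]] = ev["ts"]
        elif ev["event"] == "direct_deposit_change":
            prior = last_off_hours_login.get(ev["user"])
            if prior is not None and (ev["ts"] - prior).total_seconds() <= window_minutes * 60:
                findings.append(("high", f"direct deposit change for {ev['user']} within {window_minutes} min of an off-hours login; hold payment and confirm by phone"))
            else:
                # Every bank-detail change is queued for review, even during business hours.
                findings.append(("low", f"direct deposit change for {ev['user']} queued for review"))
    return findings


if __name__ == "__main__":
    for severity, message in flag_events(SAMPLE_EVENTS):
        print(f"[{severity}] {message}")
```

In a real deployment the same logic would read from the payroll system's audit export and feed a review queue rather than print, and the "high" finding is the one that should stop a payment until someone confirms the change out of band.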