PHISHING TRAINING with Tom Malesic | Payroll Email Scam

Phishing attacks are everywhere now, tricking people into giving away their info. They pretend to be from big names like Peacock, Microsoft, and DocuSign, or mess with payroll details.

Owning a small business means I see these scams a lot. Here’s a look at one and tips on how to avoid getting scammed.

Payroll Email Scam

The scam landed in my inbox with a simple “update profile” subject line, supposedly from my employee. It looked legit, asking to update bank details for payroll. But things didn’t add up.

Signs of a Phishing Email

Several details in this email signal it’s a phishing attempt:

  • Email Address: The email came from a Gmail account, not Phil’s official work email. Big red flag.
  • Asking for Sensitive Info: It wanted bank details updated through email, which is never a good sign.
  • Off Signature: The email had Phil’s name but used a personal email with a business email signature.
  • Confirmation Sealed the Deal: A quick check with Phil through his work email confirmed my suspicion: it was a scam.

Stop Phishing Attacks Before They Happen

This scam is a good reminder to always double-check where emails are coming from and to question any request for sensitive info through email. Here’s what to keep in mind:

  • Check the Sender: Real company emails use their own domain, not Gmail.
  • Verify Requests: Always double-check with the sender through a secure method before acting on requests for personal or financial information.
  • Educate Your Team: Make sure your team knows how to spot these scams too.

By keeping an eye out for these signs and staying skeptical, you can protect yourself and your business from falling for phishing scams. Keep these tips in mind and stay safe.

Our Local Central Pennsylvania IT Company services Lancaster, Harrisburg and York and offers managed IT services. We’re happy to help protect your business by keeping your tech safe, secure, and off your plate.