Payroll data is one of the most valuable targets for cybercriminals. Knowing how to spot a phishing attack can protect your employees, your business, and your finances.
Phishing is a type of cyber attack where criminals impersonate trusted organizations — like your payroll provider, bank, or the IRS — to trick you into revealing sensitive information or taking a harmful action.
These attacks arrive by email, text message, or phone call. They often look completely legitimate. The goal is to steal login credentials, redirect payroll funds, or harvest employee data like Social Security numbers.
Payroll clients are high-value targets because a single successful attack can expose the personal and financial data of every employee in your company.
Phishing messages are designed to trigger a quick, unthinking response. Slow down and look for these red flags.
Messages that demand immediate action — "Your account will be locked in 24 hours" or "Respond today or payroll will be delayed" — are designed to make you act before you think.
The display name may say "Harpers Payroll" but the actual email address is from a different domain. Always check the full address — not just the name shown.
Hover over any link before clicking to see the real destination URL. Be especially wary of attachments you weren't expecting — even PDFs can carry malware.
Legitimate companies — including Harpers — will never ask you to provide passwords, PINs, Social Security numbers, or banking information via email or text.
Phishing emails often contain unusual phrasing, spelling errors, or generic salutations like "Dear Customer" instead of your name.
If a message asks you to call a number or visit a website provided in that same message, verify it independently first. Look up the number on the company's official website.
Use this list to immediately flag any suspicious communication claiming to be from us. A message that asks for any of the following is a red flag:
Your payroll system password or PIN
Employee Social Security numbers via email or text
Your company's bank account or routing numbers via email
Payment or wire transfer to a new or unverified account
To click a link to verify or reactivate your account
Employee W-2 files or tax data sent over unencrypted email
If you receive a request like any of these claiming to be from Harpers, do not respond. Call us directly at (508) 753-2385 to verify.
These are the attacks we see most often targeting payroll clients.
An email appears to come from an employee asking HR or payroll to update their direct deposit to a new bank account. The request looks routine. In reality, it's a criminal redirecting that employee's next paycheck to a fraudulent account.
A message claiming to be from a company executive asks payroll or HR to email all employee W-2s immediately — often citing tax filing, an audit, or a new accounting firm. This scam targets tax season and can expose every employee's SSN and income data.
You receive an email saying your payroll account has been locked, suspended, or needs verification. A link takes you to a page that looks identical to your payroll portal login — but is a fake site designed to steal your credentials.
Act quickly. The faster you respond, the better the outcome.
Stop interacting with the message immediately. Do not click any links, download attachments, or reply.
If you entered credentials on a suspicious site, change your payroll system password immediately. Use a unique password you haven't used elsewhere.
Call us at (508) 753-2385 so we can flag your account, check for unauthorized activity, and help you take next steps.
Forward suspicious emails to your IT department and report them to the FTC at reportfraud.ftc.gov. If financial fraud occurred, also contact your bank immediately.
If you receive any communication claiming to be from Harpers that seems unusual or suspicious, don't guess — call us directly. We would rather answer one extra phone call than have a client fall victim to fraud.
(508) 753-2385