Hunting Payroll Pirates: Tracking HR Redirect Phishing Scam

SUMMARY :

A malicious threat actor group dubbed 'Payroll Pirates' is orchestrating an ongoing human resources payroll redirection phishing scam targeting numerous organizations' employees. The campaign primarily focuses on Workday users and high-profile companies. The actors employ search ads with brand keywords to promote sponsored phishing websites, utilize website builders for rapid domain creation, and often host phishing content behind an /online directory. The group has targeted various organizations, including the California Employment Development Department, Kaiser Permanente, Macy's, New York Life, and Roche. The scammers use obtained credentials and social security numbers to access employee portals and redirect funds to fraudulent bank accounts. The campaign's infrastructure includes hundreds of domains, dedicated IP ranges, and tactical shifts in specific timeframes.

OPENCTI LABELS :

phishing,hr scam


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Hunting Payroll Pirates: Tracking HR Redirect Phishing Scam