• Watch out - hackers are coming after your Christmas bonus, as pay

    From TechnologyDaily@1337:1/100 to All on Fri Dec 19 21:45:09 2025
    Watch out - hackers are coming after your Christmas bonus, as paychecks come under threat

    Date:
    Fri, 19 Dec 2025 21:30:00 +0000

    Description:
    Payroll-focused social engineering attacks target help desk staff, redirect employee salaries, and show how human factors can bypass traditional
    technical protections.

    FULL STORY ======================================================================
    Attackers exploit help desk personnel to gain unauthorized payroll system access

    Social engineering lets hackers redirect employee salaries without triggering alerts

    Targeting individual paychecks keeps attacks under law enforcement and corporate radar

    Payroll systems are increasingly targeted by cybercriminals, particularly during periods when bonuses and end-of-year payments are expected.

    Okta Threat Intelligence reports that attackers focus less on breaking into infrastructure and more on exploiting human processes surrounding payroll access.

    Rather than deploying ransomware or mass phishing campaigns, these actors aim to quietly divert individual salaries by manipulating account recovery workflows.

    Help desks emerge as the weak link

    Tracking a campaign known as O-UNC-034, Okta reported that attackers are calling corporate help desks directly.

    Posing as legitimate employees, they request password resets or account changes, relying on social engineering rather than technical exploits.

    These calls have affected organizations across the education, manufacturing, and retail sectors, indicating that no single industry is the focus.

    Once access is granted, attackers attempt to register their own
    authentication methods to maintain control over the compromised account.

    After taking over an employee account, attackers move quickly to payroll platforms such as Workday, Dayforce HCM, and ADP.

    They alter banking details so upcoming payments are redirected elsewhere, often without immediate detection.

    Because the theft targets individual paychecks, the financial losses can appear minor when viewed in isolation.

    This reduces the likelihood of rapid escalation or law enforcement attention.

    At scale, this approach can yield large returns and enable identity theft without triggering alarms tied to larger breaches.

    Threat analysts suggest that stealing individual salaries is less conspicuous than large data breaches or extortion campaigns.

    Attackers can further refine targets through basic reconnaissance, focusing
    on higher earners or employees scheduled for severance payouts.

    Earlier campaigns relied on malvertising and credential phishing, but the shift toward live phone interactions reflects tactics that bypass technical defenses entirely.

    Antivirus tools offer little protection when attackers obtain credentials voluntarily during a convincing conversation.

    Similarly, malware removal tools, although relevant for other threats, do not address this category of attack.

    Security guidance emphasizes strict identity verification procedures for support staff handling account recovery requests.

    First-line help desk personnel are advised against modifying authentication factors directly, instead issuing temporary access codes only after
    successful identity checks.

    Organizations are also encouraged to limit access to sensitive applications
    to managed devices and apply higher scrutiny to requests originating from unusual locations or networks.

    "It's interesting to see payroll fraud actors joining the swelling number of threat actor groups targeting help desk professionals for access to user accounts," says Brett Winterford, Vice President of Threat Intelligence at Okta.

    This situation underscores the importance of giving IT support personnel the tools they need to verify the identities of inbound callers, and to give them account recovery options that limit the ability of a rogue caller to take
    over an account.
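
    The takeover sequence described above (help desk password reset, a newly registered authentication method, then a payroll bank-detail change) can be correlated per user as a detection. This is an added example, not code from Okta or the article; the event type names, fields, 24-hour window and sample records are constructed assumptions, not a real product's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not a real product's log format).
EVENTS = [
    {"ts": "2025-12-10T08:00:00", "user": "bob", "type": "helpdesk_password_reset"},
    {"ts": "2025-12-10T08:05:00", "user": "bob", "type": "mfa_factor_enrolled", "managed_device": True},
    {"ts": "2025-12-12T11:00:00", "user": "carol", "type": "payroll_bank_change", "managed_device": True},
    {"ts": "2025-12-14T10:00:00", "user": "bob", "type": "payroll_bank_change", "managed_device": True},
    {"ts": "2025-12-15T09:02:00", "user": "alice", "type": "helpdesk_password_reset"},
    {"ts": "2025-12-15T09:10:00", "user": "alice", "type": "mfa_factor_enrolled", "managed_device": False},
    {"ts": "2025-12-15T09:25:00", "user": "alice", "type": "payroll_bank_change", "managed_device": False},
]

# Ordered chain from the article: reset -> new authenticator -> bank detail change.
CHAIN = ["helpdesk_password_reset", "mfa_factor_enrolled", "payroll_bank_change"]
WINDOW = timedelta(hours=24)  # assumed correlation window; tune per pay cycle


def find_payroll_takeovers(events, window=WINDOW):
    """Return one alert per user who completes CHAIN, in order, within `window`."""
    alerts, progress = [], {}  # progress: user -> [(timestamp, event), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        matched = progress.setdefault(ev["user"], [])
        # Expire a partial chain once the reset that started it is too old.
        if matched and ts - matched[0][0] > window:
            matched.clear()
        if ev["type"] == CHAIN[0]:
            matched[:] = [(ts, ev)]  # a new reset restarts the chain
        elif matched and ev["type"] == CHAIN[len(matched)]:
            matched.append((ts, ev))
        if len(matched) == len(CHAIN):
            # Any step from an unmanaged device raises severity.
            unmanaged = any(e.get("managed_device") is False for _, e in matched)
            alerts.append({"user": ev["user"], "start": matched[0][0], "end": ts,
                           "severity": "high" if unmanaged else "medium"})
            matched.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_payroll_takeovers(EVENTS):
        print(alert)
```

    With the sample data only alice's chain completes inside the window; bob's bank change arrives four days after his reset and is not correlated unless the window is widened.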




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-hackers-are-coming-after-your-christmas-bonus-as-paychecks-come-under-threat


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)