Analysts began monitoring a phishing scam known as “Payroll Pirates” that involves payroll redirection and primarily targets employees of various organizations, particularly those using Workday. The threat actors use malicious SEO poisoning and spoofed Human Resources (HR) pages to trick victims into providing employee portal credentials. Once they gain account access, they change banking information to redirect payroll funds to threat actor-controlled accounts. Click HERE to read the NJCCIC 12/12/24 Advisory on this topic.