Payroll Pirates Target Help Desks To Siphon Employee Paychecks
Okta, Monday, December 29th, 2025
Thieves have their eyes on your payroll. But instead of using a mask and a gun, they are sitting behind a keyboard and a phone.
Okta Threat Intelligence recently issued a threat advisory highlighting another method threat actors are using to gain unauthorized access to payroll applications.
In a cluster of threat activity tracked by Okta as O-UNC-034, cyber thieves employed social engineering, calling help desk personnel on the phone and attempting to trick them into resetting the password for a user account. These attacks have impacted multiple industries, including education, manufacturing, and retail, and follow similar attacks on payroll systems earlier this year that leveraged malvertising and credential phishing for initial access.