MC3 Cyber Situational Awareness Message (SAM) – Phishing incident targeting payroll

[img src=”/wp-content/uploads/sites/1097/2018/03/blog-img-mc3-cyber-situational.jpg” class=”aligncenter”]


The Michigan Cyber Command Center (MC3) is aware of multiple incidents in which phishing campaigns were used to obtain user account credentials. Once this information was obtained, malicious actors accessed employee payroll accounts and rerouted payments to another financial account. In one of the more recent incidents, hospital employees were targeted. They were tricked into visiting a site where their user credentials were requested. Once credentials were entered, the malicious cyber actors used the credentials to access their human resources portal and alter the employee’s banking information.


Activities such as this are highly profitable for malicious cyber actors and as such, they will continue (if not accelerate) in the future. To help prevent incidents like this from occurring, the MC3 strongly suggests organizations consider the following options:

  1. Train employees to identify and report suspicious emails and phishing attempts
  2. Require two-factor authentication when accessing sensitive employee data
  3. Enable logging on internal and remote logins to applications and portals
  4. Notify employees via text message or external email account once sensitive employee information has been changed
  5. Enact policies and procedures which require a multi-step process to be taken when changing sensitive employee information
Scroll to Top