Microsoft warns about "Payroll Pirate," a scam that steals corporate payrolls

The digital age brings with it advances, but also risks. Microsoft has just issued an alert about "Payroll Pirate," a sophisticated fraud scheme that steals employee salaries after accessing human resources accounts. This new threat not only affects large companies but also educational institutions and universities, highlighting the expansion of cyberattacks.

Attackers leverage platforms used by many companies, such as Workday , to manage payroll and employee benefits. Using phishing emails that mimic legitimate websites, criminals obtain credentials and multi-factor authentication (MFA) codes. Using these tools, they intercept the codes and gain access to real employee accounts.

Once inside, the hackers modify the payroll accounts to divert deposits to their own accounts. To avoid detection, they implement email rules that block automatic notifications from Workday, allowing the fraud to go undetected.

Since March 2025, 11 accounts at three universities have been compromised by the "Payroll Pirate." However, the true extent of the scam is evident in the nearly 6,000 phishing emails sent in seven months , targeting employees at various organizations. The messages simulate alerts about exposed data or changes in benefits, successfully fooling even cautious users.

In some cases, hackers add their own phone number as a recovery method, granting almost permanent access to compromised accounts.

Given this scenario, Microsoft recommends abandoning code-based MFA systems and opting for more secure methods, such as passkeys or physical FIDO keys , which make unauthorized access more difficult.

Additionally, the company recommends reviewing email policies and detecting suspicious security message blocks. Ongoing employee education about phishing and digital security practices becomes a key tool for reducing risks.

Scams like "Payroll Pirate" demonstrate that hackers are evolving rapidly , targeting vulnerabilities in businesses and educational institutions. Protecting sensitive information, especially payrolls, requires advanced strategies, staff awareness, and cutting-edge security tools.

The economic and reputational impact of a successful attack can be severe, affecting everything from salaries to employee confidence in the company. Therefore, prevention and technological updating are essential for any modern organization.