Published on 12/10/2025 | Last update: 20:50 (Mecca time)
Microsoft has warned universities and companies of a new cyber attack it calls “Payroll Pirate,” in a clear reference to hackers stealing employees’ salaries without either party realizing the theft has occurred, according to a report published by the Ars Technica website.
Microsoft explains that the attack combines phishing attacks with fraudulent websites and aims to change the bank account details stored in the human resources portals of companies and universities, so that the salary is sent to an account controlled by the hacker instead of the employee's own account.
This is done by sending a batch of professionally written e-mail messages that appear genuine. These messages direct victims to sites that mimic human resources management portals or even university websites.
The hacker then steals the victim's data as soon as it is entered on the fake page, and uses it later to log in to the human resources management portal. The stolen data includes two-step verification codes generated by external applications or received via text message.
The company noted that this attack is widely used against the well-known Workday human resources management platform. Immediately after logging in, the hacker changes the account settings, entering his own email address and phone number in addition to his bank account number.
Microsoft indicated that this attack, which it first noticed last March, was used against more than 6,000 victims at 25 different universities.
The company warned that this attack steals money from the user's account and the company's account without either party realizing that the theft has occurred. The company or university deposits the salary to the account listed on the platform, while the victim never receives it.
The report recommended using two-step authentication tools tied to biometrics, such as security key options on phones or even physical security keys, because they are more difficult to hack.
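The sequence described above (a login followed at once by a new email address, phone number and bank account number) can be searched for in an HR portal's audit trail. The following is an added example, not code from Microsoft or the report; the event schema, action names and 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)          # assumed threshold, tune per environment
CONTACT = {"email_change", "phone_change"}

# Constructed sample audit events (hypothetical schema, not a real Workday export):
# (timestamp, user, action, source IP)
EVENTS = [
    ("2025-03-03T09:00:00", "alice", "login", "198.51.100.7"),
    ("2025-03-03T09:05:00", "alice", "bank_change", "198.51.100.7"),
    ("2025-03-10T02:11:00", "bob", "login", "203.0.113.50"),
    ("2025-03-10T02:12:30", "bob", "email_change", "203.0.113.50"),
    ("2025-03-10T02:13:10", "bob", "phone_change", "203.0.113.50"),
    ("2025-03-10T02:14:00", "bob", "bank_change", "203.0.113.50"),
    ("2025-03-01T08:00:00", "carol", "email_change", "192.0.2.10"),
    ("2025-03-20T08:00:00", "carol", "bank_change", "192.0.2.10"),
]

def find_payroll_diversions(events, window=WINDOW):
    """Flag bank-account changes preceded, within `window` and from the same
    IP, by a login and at least one contact-detail change for the same user."""
    alerts = []
    recent = {}  # user -> list of (time, action, ip) seen so far
    for ts, user, action, ip in sorted(events):  # ISO timestamps sort correctly
        t = datetime.fromisoformat(ts)
        history = recent.setdefault(user, [])
        if action == "bank_change":
            near = [a for (pt, a, i) in history if t - pt <= window and i == ip]
            changed = sorted(a for a in set(near) if a in CONTACT)
            if "login" in near and changed:
                alerts.append({"user": user, "time": ts, "ip": ip,
                               "preceded_by": changed})
        history.append((t, action, ip))
    return alerts

if __name__ == "__main__":
    for alert in find_payroll_diversions(EVENTS):
        print(alert)
```

An alert of this kind is a reason to hold the payroll change and confirm it with the employee through a contact detail that was on file before the session began.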
