Phishing Email Awareness for Evolution Payroll & Advanced HR Clients

Phishing Email Awareness for Evolution Payroll & Advanced HR Clients

At Payroll Partners, our clients’ data security and privacy is of utmost importance to us. We’re always monitoring trends in cyber security and fraudulent activity in order to prevent future attacks to our clients.

With this in mind, we want to inform you there’s been a recent increase in digital crimes that might impact employees within your organization without their knowledge. The FBI and the IRS have reported a 60% uptick in digital crime, targeting tax and payroll information during the 2018 tax season. The majority of this digital crime is targeting people and companies that directly process payroll and are carried out through phishing emails where criminals seek to redirect payroll funds to fraudulent accounts by either gaining access to a user’s credentials or by impersonating an employee and requesting to change the information.

Payroll providers have investigated these incidents and have determined that the attacks are generally executed under an authorized user’s account without that account user’s knowledge. Payroll Partners consistently monitors its systems for intrusion with advanced System Information and Event Monitoring (SIEM), Intrusion Detection Systems, and Anti-Virus systems. Through those monitoring and security solutions, Payroll Partners has seen no indication of compromise from within our systems. This would indicate that the user’s credentials were likely obtained via other means, most likely through a phishing attack.

Below are some tips that can be used to make your systems harder targets for potential attackers:

1) It is imperative that users take a second when going through email to ensure that the email is really coming from the person who you believe sent it. Payroll Partners or Evolution Payroll will never email you and ask for your credentials.

Below is a sample email that was identified and is in fact spam. This email is pretending to be Joe Karbowski, and we have highlighted several areas that you can use to help identify phishing in the future:


If you are the least bit unsure as to whether an email came from the person who they say they are, DON’T click on a link or open an attachment. Contact the sender directly by separate email or telephone to confirm that they actually sent it. If the email pretends to be from Payroll Partners or Evolution contact us immediately.


NEVER put in credentials on a site that you got to by following a link in an email. 

2) Implement Multi-factor authentication (MFA). While this does not secure the Evolution Classic client, the attacks that we have seen have all been through Evolution Payroll, and if implemented, MFA on Evolution Payroll/Advanced HR will all but eliminate the risk of compromised user credentials being used to access Evolution Payroll/Advanced HR. Contact Payroll Partners to learn more about enabling Multi-Factor Authentication for Evolution Payroll/Advanced HR.

3) Users should create strong unique passwords for Evolution that are not reused across any other systems. Strong passwords may contain 8+ characters, contain at least 1 of each of the following, number, lowercase letter, uppercase letter, and a special character. Additionally, the password should not contain any easily guessable names or phrases, such as the names of your kids or pets. One easy way to create a password is to use a passphrase which is several unrelated words strung together. See below for an example:


Implement daily or weekly audits of all direct deposit changes looking specifically for repetitive ABA numbers or mass changes within a very short period of time (e.g., within 30-45min).

4) Implementing these three best practice items will help to find issues with updates to Direct Deposit transactions.

5) Implement annual information security awareness training that includes anti-phishing training and other safe computing information. These services can be had for $10-15/employee/year and offers the biggest cost to benefit ratio of any security investment. Remember your people are the human firewall to your environment.

If you have any questions, please contact your Payroll Partners support team at 817-226-8111 or