Trickbot Using Fake Paychex Email Domain to Deliver Malware

A malware Trojan, Trickbot, is being delivered via email using a spoofed Paychex domain. The email appears to come from Paychex, but the domain paychex.email is not a legitimate Paychex domain and Paychex did not send the email. Paychex systems are secure and have not been hacked or compromised.  

The email that was sent out looks like:

The email contains an attachment that will deliver Trickbot Malware to the victim if it’s opened. Trickbot seeks to steal user credential information (usernames and passwords) when the user logs into financial and/or payroll processing related websites. Trickbot Malware is targeted to many financial and payroll processing companies and is not specific to Paychex. More information about Trickbot can be found here.

If you receive an email like this, delete it. Do not click on any links or open any attachments. If you clicked on a link or opened an attachment and believe your information may have been compromised, we strongly recommend that you work with your IT professional to remove the malware. Your user credentials for any sites targeted by Trickbot will be vulnerable until it is removed.   

If you believe your Paychex accounts may be compromised, contact Paychex Online Support at 888-246-7500. And, monitor your accounts for any unusual activity.