Security Update: Fraudulent Emails

February 19, 2015
An outside party is distributing fraudulent emails containing "Paychex Insurance Agency" in the subject line. The notifications are sent from various email addresses to some of our clients, their employees, and non-Paychex users. Paychex, Inc., did not send these emails.

This is a sample of the fraudulent message:

fraudemail_20140508

While the message appears to have come from a legitimate email address, it is a case of "spoofing," wherein a hacker creates the email to appear valid even though it is configured to work maliciously behind the scenes. The fraudulent email could contain an attachment with potential malware or point to a malicious destination.

If you receive this email:

  1. Delete it without opening any of the attachments. Please share these instructions with everyone in your office.
  2. If you already opened an attachment, please call your Paychex payroll contact as soon as possible. As a safety measure, do not log in to your Paychex Online account or any other password-protected account from your computer.
We constantly monitor the Paychex systems and have safeguards in place to protect your data. The senders of these messages often mask their emails to look like they are from financial-based companies, including banks and payroll companies. Please be vigilant. If you are suspicious of any email, it is best to delete it.
Lisa Fleming
Manager, Public Relations
585-387-6402

Lisa Fleming

Lisa Fleming joined Paychex in 2006 and last year was promoted to the position of public relations manager. As part of her role, Lisa leads the department’s external communications efforts and manages the company’s relationship with its outside PR agency partner, Eric Mower & Associates. Lisa is a graduate of Canisius College in Buffalo, New York where she studied English and Communications.