Skip to main content Skip to footer site map

Security Update: Fraudulent Emails

February 19, 2015
 

An outside party is distributing fraudulent emails containing "Paychex Insurance Agency" in the subject line. The notifications are sent from various email addresses to some of our clients, their employees, and non-Paychex users. Paychex, Inc., did not send these emails.

This is a sample of the fraudulent message:

Sample Fraud Message

While the message appears to have come from a legitimate email address, it is a case of "spoofing," wherein a hacker creates the email to appear valid even though it is configured to work maliciously behind the scenes. The fraudulent email could contain an attachment with potential malware or point to a malicious destination.

 

If you receive this email:

 

  1. Delete it without opening any of the attachments. Please share these instructions with everyone in your office.
  2. If you already opened an attachment, please call your Paychex payroll contact as soon as possible. As a safety measure, do not log in to your Paychex Online account or any other password-protected account from your computer.

We constantly monitor the Paychex systems and have safeguards in place to protect your data. The senders of these messages often mask their emails to look like they are from financial-based companies, including banks and payroll companies. Please be vigilant. If you are suspicious of any email, it is best to delete it.