High riskEmail Scams

HR Portal Email Scam

This scam emails employees pretending to be the HR or staff portal, asking them to log in to review a policy, payslip, or benefits update, leading to a fake page that captures work credentials for further fraud.

Quick verdict

Risk level

High risk

Scam type

Workplace impersonation phishing

Main red flag

An email pushes you to log in to the HR or employee portal via a link.

What to do first

Do not use the link. Open the portal through your usual bookmark or intranet.

What this scam usually looks like

Example message pattern

Example pattern — not a real report

Example pattern: 'Action required: review and acknowledge your updated benefits in the employee portal by Friday: [suspicious link]' leading to a fake login.

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

A login link to the HR or employee portal
Pressure tied to a policy or benefits deadline
A login page whose address is not your company's
A sender address that is external or slightly off
Requests to 'verify' your work credentials

What to do

Open the HR or employee portal through your usual bookmark or intranet
Verify any request with your HR or IT team
Report the email to your security team
Enable multi-factor authentication on work accounts

If you already clicked or replied

If you entered your work login, tell IT and change it immediately
Watch for misuse of your payroll or benefits details
Review your account for changed direct deposit or contact details
Alert colleagues who may have received the same email

What not to do

Do not log in to work portals through email links
Do not share work credentials
Do not ignore a possible compromise; report it

Similar scams

High risk Bank & Payment

Payroll Direct Deposit Scam

In this scam, a fraudster emails an employer's HR or payroll team while pretending to be an employee and asks to update their direct-deposit bank details, diverting the next paycheck to the scammer's account.

High risk Email

Microsoft Account Email Scam

This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.

High risk Email

Tax Document Email Scam

This scam emails that a tax document, payslip, or important form is ready to download or view, linking to a fake login page or a malicious attachment that steals credentials or installs malware.

Frequently asked questions

Why target employee portal logins?

Work credentials can unlock payroll, personal data, and company systems, enabling direct deposit diversion and wider attacks. That makes them valuable to scammers.

How do I access the portal safely?

Use your usual bookmark or company intranet, not a link in an email, and verify unexpected requests with HR or IT.

I entered my work login. What now?

Tell your IT or security team immediately, change your password, and check for changes to your direct deposit or contact details.

How can my employer reduce this risk?

Use multi-factor authentication, train staff to verify portal links, and provide a clear way to report suspicious emails.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.