HR Portal Email Scam
This scam emails employees pretending to be the HR or staff portal, asking them to log in to review a policy, payslip, or benefits update, leading to a fake page that captures work credentials for further fraud.
Quick verdict
What this scam usually looks like
This scam emails employees pretending to be the HR or staff portal, asking them to log in to review a policy, payslip, or benefits update, leading to a fake page that captures work credentials for further fraud.
Example message pattern
This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.
Red flags to watch for
- A login link to the HR or employee portal
- Pressure tied to a policy or benefits deadline
- A login page whose address is not your company's
- A sender address that is external or slightly off
- Requests to 'verify' your work credentials
What to do
- Open the HR or employee portal through your usual bookmark or intranet
- Verify any request with your HR or IT team
- Report the email to your security team
- Enable multi-factor authentication on work accounts
If you already clicked or replied
- If you entered your work login, tell IT and change it immediately
- Watch for misuse of your payroll or benefits details
- Review your account for changed direct deposit or contact details
- Alert colleagues who may have received the same email
What not to do
- Do not log in to work portals through email links
- Do not share work credentials
- Do not ignore a possible compromise; report it
Similar scams
Payroll Direct Deposit Scam
In this scam, a fraudster emails an employer's HR or payroll team while pretending to be an employee and asks to update their direct-deposit bank details, diverting the next paycheck to the scammer's account.
Microsoft Account Email Scam
This scam sends a fake Microsoft or Outlook email about an unusual sign-in or an account about to be closed, linking to a fake Microsoft login page that captures your email and password.
Tax Document Email Scam
This scam emails that a tax document, payslip, or important form is ready to download or view, linking to a fake login page or a malicious attachment that steals credentials or installs malware.
Frequently asked questions
Why target employee portal logins?
How do I access the portal safely?
I entered my work login. What now?
How can my employer reduce this risk?
Last reviewed: June 2026