Important! Payroll Fraud Phishing Attacks

The below message was received from UBC Cybersecurity, and has been posted here to promote awareness on this issue. 


Please be advised that UBC Cybersecurity is aware of an alarming increase in Payroll Fraud phishing attacks.

Criminals have crafted tailored messages targeting members of finance and/or payroll teams, attempting to trick them into updating employees’ direct deposit account information in order to re-route employees’ paycheques. At least one case has been successful so far, and we suspect that many more similar attempts are just on the horizon.

With this information in mind, you must be vigilant when examining any message that you receive in your Inbox.

Please keep the following checklist handy during your review:

  • Watch for the [CAUTION: Non-UBC Email] banner at the top of emails.
  • Emails from UBC colleagues and services will NOT have this banner applied.
  • Emails from UBC colleagues and services should not be from internet mailing services like Gmail or Hotmail.
  • Do not open attachments that you weren’t expecting, especially if they require a password to open.
  • Contact the sender either by phone or by sending them a separate email to a known email address (do not reply to the email you received) to confirm legitimacy.
  • Do not click on links in messages.
  • Always type the website address into your browser.
  • Be wary of messages that convey a sense of urgency:
  • ‘I need to change my deposit information before the next paycheque…’
  • Beware of messages claiming certain services like Workday or CWL aren’t working.
  • Direct the sender to the IT Service Centre for urgent assistance and validation
  • Trust your gut, if the sender’s standard email format isn’t followed (e.g. their signature has changed or their email just doesn’t sound quite like them), follow up to see if it’s legitimate.
  • Report any suspicious emails messages to

If you follow this checklist every time you review your email, we’re confident you will spot something suspicious when it arises and will follow the safe course of action.

Remember, no matter who someone claims to be, you should never feel pressured to “help” someone by engaging in steps that do not follow proper procedure and protocol. Instead, scrutinize any unusual requests and immediately escalate them to your supervisor. If in any doubt, please report suspicious email messages (preferably sent as attachments) to We’re happy to review emails or any other form of electronic communication to assist in validating a request.