Watch out - hackers are coming after your Christmas bonus, as paychecks come under threat

Cyber thieves are quietly siphoning individual salaries

News By Efosa Udinmwen published 19 December 2025

(Image credit: Pixabay) Share Share by:

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google

• Attackers exploit help desk personnel to gain unauthorized payroll system access
• Social engineering lets hackers redirect employee salaries without triggering alerts
• Targeting individual paychecks keeps attacks under law enforcement and corporate radar

Payroll systems are increasingly targeted by cybercriminals, particularly during periods when bonuses and end-of-year payments are expected.

Okta Threat Intelligence reports that attackers focus less on breaking into infrastructure and more on exploiting human processes surrounding payroll access.

Rather than deploying ransomware or mass phishing campaigns, these actors aim to quietly divert individual salaries by manipulating account recovery workflows.

Help desks emerge as the weak link

Tracking a campaign known as O-UNC-034, Okta reported that attackers are calling corporate help desks directly.

Posing as legitimate employees, they request password resets or account changes, relying on social engineering rather than technical exploits.

These calls have affected organizations across the education, manufacturing, and retail sectors, indicating that no single industry is the focus.

Once access is granted, attackers attempt to register their own authentication methods to maintain control over the compromised account.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors