Phishing Isn’t Just Email Anymore

Most people think of phishing as suspicious emails asking you to click a link. While email phishing still exists, attackers now use many different communication channels that feel more personal and harder to question. Text messages, voicemails, QR codes, and even fake benefits notices are increasingly common because they look routine and urgent.

For HR and benefits teams, this matters. Payroll data, benefit elections, Social Security numbers, and banking details are highly valuable to attackers. The more realistic the message appears, the more likely someone will respond before stopping to verify it.

Below are common phishing methods employees are encountering today and what to watch for.

Text Messages (Smishing)

Attackers send texts pretending to be HR, payroll, a carrier, or an administrator.

Examples

• “Your direct deposit failed. Update banking details here.”
• “Action required: confirm your benefit elections before midnight.”
• “Secure message from HR: view your W-2.”

These messages often include shortened links or unfamiliar web addresses and create urgency so the recipient acts quickly.

Red flags

• Unexpected request to log in
• Link that does not clearly match your company or administrator
• Urgent deadlines or warnings about suspension

Voicemail and Phone Calls (Vishing)

Fraudsters now leave convincing automated voicemails or call directly, posing as HR staff, IT support, or a benefits carrier.

Examples

• “This is the benefits department. We detected a change to your coverage. Please call back to confirm.”
• “Your payroll account has been locked. Press 1 to verify your identity.”

They rely on employees returning the call and volunteering information.

Red flags

• Requests for passwords, verification codes, or full Social Security numbers
• Pressure to act immediately
• Callbacks to unfamiliar numbers

QR Code Scams (Quishing)

QR codes appear harmless because people associate them with menus and quick access. Attackers use them in printed flyers, emails, and mailed notices to bypass traditional link inspection.

Examples

• Posters about “New wellness program enrollment”
• Mailers directing you to scan to confirm benefits
• Flyers left in break rooms for “updated payroll portal access”

Once scanned, the code directs you to a fake login page designed to capture credentials.

Red flags

• QR codes on unexpected communications
• Codes asking you to log into payroll or benefits systems
• Printed notices not previously announced by HR

Fake Benefits and Payroll Notices

Because benefits communications are routine, they are frequently impersonated.

Examples

• Open enrollment confirmations you never requested
• COBRA or coverage termination warnings
• Requests to verify dependents or banking information
• Messages stating your coverage will end today unless you respond

These messages look legitimate because attackers copy logos, signatures, and formatting from real communications.

Red flags

• Slightly altered company names or domains
• Attachments you were not expecting
• Requests for personal or financial information outside normal processes

How Employees Can Protect Themselves

Before clicking, scanning, replying, or calling back:

• Pause and verify using known contact information
• Navigate directly to the official website instead of using provided links
• Do not share passwords or verification codes with anyone
• Report suspicious messages to HR or IT immediately

Remember, legitimate HR or benefits administrators will not ask for sensitive information through unexpected messages.

Why Reporting Matters

Even if you did not interact with the message, reporting it helps prevent others from falling victim. Many attacks target multiple employees at once, and early reporting allows organizations to block and warn quickly.

Phishing attempts now look routine and familiar. Taking a moment to verify before responding remains one of the most effective ways to protect personal and company information.