Stay alert: Safeguarding against employee impersonation and HR system credential compromise
Dayforce Chief Information Security Officer on staying vigilant for calls impersonating employees and attempts to compromise HR systems’ credentials.

Many people are used to monitoring their email inboxes for phishing. Yet, like many other industries, HR is experiencing a rise in social engineering calls.
Many of these calls involve fraudsters impersonating legitimate employees with the goal of tricking HR teams into changing sensitive information.
What can you look out for? One instance could be someone impersonating an employee, calling the HR department, and convincing the HR team member to update that employee’s payroll information. This could lead to the potential compromise of an employee’s payroll or personal identification data.
These calls are becoming more convincing because software can be used to create a more realistic impersonation of a person’s voice, also known as a deepfake. This is especially true for executives and employees who have publicized speaking events, podcasts, or interviews readily accessible online. Fraudsters may leverage these recordings and attempt to impersonate their voices.
Another example might be calls to the HR department from impersonators claiming to be from IT and offering to help the HR team member update their system, apply a patch, or perform some other IT-related task. These calls are designed to trick employees into sharing their system credentials, including those for HR systems, which, once shared, might give cybercriminals the ability to compromise the system(s).
What HR professionals can do to stay vigilant:
- Ensure that you have unique security questions set up for your employees to authenticate themselves when making important changes, such as payroll updates. Ensure employees do not share their passwords or answers to these security questions with others.
- Educate your HR team on the risks of social engineering calls, and train them to properly authenticate employees.
- Train all employees on how to spot and report suspicious emails (phishing), voice calls (vishing), and text messages (smishing).
- Speak to your HR system administrator about enabling multi-factor authentication, which helps reduce the impact of compromised credentials.
Learn more about social engineering calls in CrowdStrike’s 2025 Global Threat Report.
