A growing phishing scheme called Payroll Pirates uses fake Google and Bing ads that impersonate payroll, HR, and benefits portals to steal employee credentials. CheckPoint says the malicious ads look identical to the real login pages and appear at the top of search results, making it easy for users to click without noticing subtle domain differences. Employees should check URLs carefully, use only bookmarked links for HR and payroll systems, and ignore pop-ups or emails that urge action on their accounts. Companies should remind staff never to approve MFA prompts they didn’t initiate and to report any suspicious messages or unexpected login screens immediately.

Via CheckPoint