Phishing Attacks Threaten HR/Payroll Data: Query Manager Protects

By Danielle Larocca

Senior Vice-President of HCM Solutions Danielle Larocca has worked in the SAP HCM space for over 20 years. An SAP Mentor and featured speaker at numerous conferences, Danielle has authored four best-selling books on SAP, is the Technical Editor for the SAP Professional Journal, and is often the Voice of the Expert on SAPInsider’s Ask the Expert series for HR.

Written on Jul 1, 2017 8:03:00 PM



Hackers target payroll vulnerabilities with phishing attempts

It seems like I read about another large online hack, malware or phishing scheme nearly every week. These days, not even HR and payroll departments are immune to these attacks. In one recent case, several universities experienced a phishing attack where the perpetrators sent mass emails to employees posing as a member of the Human Resource department. The email asked the employee to “confirm” their payroll and direct deposit banking information, and contained a link to a bogus site where the employee was asked to enter the data. The ultimate goal of the hackers was to access employee payroll direct deposit accounts.

According to a recent study by specialist insurer Beazley, there has been a dramatic increase in phishing scams aimed at employee tax information. Those scams represent 9% of all breaches Beazley handled in the first quarter of 2017. Beazley also found that the higher education sector has increasingly become a target, accounting for 48% of data breaches in Q1 2017 alone.

One customer’s proactive solution

Recently, one of our customers in the education sector fell victim to this type of attack. Several employees followed a phishing scheme’s instructions, and the perpetrators were able to capture the employees’ ESS login information as well as the bank account information before rerouting the direct deposit to their own bank accounts. This caused the complete loss of several employees’ paychecks.

Rather than being deterred, that clever customer instead focused on finding a way to help identify and prevent this type of phishing attack in the future. The customer already offered a custom Account Alert solution for ESS-related changes, but not all employees had enrolled. So, in addition to a new two-factor authentication process, they wanted to monitor changes made to employee banking information in ESS. Unfortunately, SAP standard reports didn’t meet their needs, so they created a custom Z-table to capture ESS changes to the Bank Information Infotype (0009) and then used EPI-USE Labs’ Query Manager™ to generate a regular report to display the data.

Query Manager provides access to HR, payroll and custom table data

Creating reports that combine master data, payroll data and Z-tables is not something you can do via the Ad Hoc Query or SAP Query reporting tools. The advantage of using Query Manager in this case was the ability to easily add the new custom Z-table, and combine that data with both HR Master data (PNP database) as well as payroll data from the PCL2 cluster. The resulting report is run right after payroll closes each pay period. Since deployment, the customer has prevented additional phishing incidents from successfully stealing an employee’s pay. While it is a manual process to review the ESS data, they were fortunate that they did not have that many direct deposit changes.

This report referenced a Z-table so it is unique to this customer, but the principle can be applied to other types of phishing incidents in the future. This is simply another example of a clever customer leveraging the tools at hand to solve business challenges.
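The review described above can be sketched outside SAP as a join of the ESS change log with master data and the period's payroll result. This is an added example, not the customer's report or Query Manager output; the sample rows, field names and the three review reasons are assumptions made for illustration.

```python
from collections import Counter
from datetime import date

# Constructed sample rows; all field names are assumptions for illustration.
CHANGES = [  # stand-in for the custom Z-table of ESS changes to Infotype 0009
    {"pernr": "1001", "changed_on": date(2017, 6, 12), "old": "ACCT-A", "new": "ACCT-X"},
    {"pernr": "1002", "changed_on": date(2017, 6, 13), "old": "ACCT-B", "new": "ACCT-X"},
    {"pernr": "1003", "changed_on": date(2017, 6, 20), "old": "ACCT-C", "new": "ACCT-D"},
    {"pernr": "1004", "changed_on": date(2017, 5, 2), "old": "ACCT-E", "new": "ACCT-F"},
]
MASTER = {  # stand-in for HR master data, plus Account Alert enrollment
    "1001": {"name": "Employee A", "alerts": False},
    "1002": {"name": "Employee B", "alerts": True},
    "1003": {"name": "Employee C", "alerts": True},
    "1004": {"name": "Employee D", "alerts": False},
}
PAYROLL = {  # stand-in for the period's payroll result: where net pay is sent
    "1001": {"paid_to": "ACCT-X", "net": 2150.00},
    "1002": {"paid_to": "ACCT-X", "net": 1980.50},
    "1003": {"paid_to": "ACCT-D", "net": 2400.00},
    "1004": {"paid_to": "ACCT-F", "net": 2010.00},
}

def review_report(changes, master, payroll, start, end):
    """Return in-period bank changes, most review reasons first."""
    in_period = [c for c in changes if start <= c["changed_on"] <= end]
    # Count distinct employees per new destination account within the period.
    dest_count = Counter(acct for _, acct in {(c["pernr"], c["new"]) for c in in_period})
    rows = []
    for c in in_period:
        emp, pay = master[c["pernr"]], payroll.get(c["pernr"], {})
        reasons = []
        if dest_count[c["new"]] > 1:
            reasons.append("destination shared by several employees")
        if not emp["alerts"]:
            reasons.append("not enrolled in Account Alerts")
        if pay.get("paid_to") == c["new"]:
            reasons.append("this period's net pay is directed to the new account")
        rows.append({"pernr": c["pernr"], "name": emp["name"], "new": c["new"],
                     "net": pay.get("net"), "reasons": reasons})
    return sorted(rows, key=lambda r: -len(r["reasons"]))  # stable sort keeps log order

if __name__ == "__main__":
    for row in review_report(CHANGES, MASTER, PAYROLL, date(2017, 6, 1), date(2017, 6, 30)):
        print(row["pernr"], row["name"], row["new"], row["net"], "; ".join(row["reasons"]))
```

Rows with the most reasons sort to the top, which keeps the manual review short when a pay period has only a few direct deposit changes.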
