Why would a scammer target my work email?

Accessing one corporate account allows scammers to send internal phishing emails to your coworkers, who are even more likely to trust a message coming from a 'colleague'.

I already logged into the fake portal. What should I do?

Immediately contact your company's IT or Security department. Change your corporate password and enable (or reset) your multi-factor authentication (MFA).

How can I verify if an HR email is real?

Don't click any links. Open a new browser tab and navigate to your company's known internal portal, or contact your HR representative directly via your internal chat app (like Slack or Teams).

HR Email Checker

Verify 'Internal' HR emails before you click 'Login'.

Scammers use Business Email Compromise (BEC) to impersonate your company's HR department. They send fake alerts about 'Updated Payroll Policies' or 'Mandatory Training' to trick employees into entering their corporate credentials on a phishing page.

Security Insight

HR-themed phishing is highly effective because employees are conditioned to trust and respond quickly to internal communications. A single compromised employee account can lead to a company-wide data breach.

Identifies fake 'Payroll Update' lures

Spots suspicious 'Policy' attachments

Protects your corporate login

Analyze an HR Email Business Scam Guide

How to spot a Fake HR Email

Internal company communications follow specific internal branding and domain rules. Watch out for these red flags in any message claiming to be from your HR department.

The 'Urgent Action Required' tone

Emails claiming you will miss a 'payroll deadline' or 'bonus payout' unless you log in immediately are designed to bypass your critical thinking.

Link to an external domain

If the 'Payroll Portal' link goes to a site like 'company-hr-verify.net' instead of your company's official internal subdomain, it is a scam.

Requests for Personal Banking Info

A real HR department will never ask you to email your banking details or SSN. These updates always happen through a secure, internal ERP system.

Inconsistent Branding

The email uses an old company logo, the wrong office address, or includes a 'Help' link that leads to a generic external site.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

Sender address mismatch

The email claims to be from 'HR Support' but the actual sender address is @gmail.com or an unrelated corporate domain.

Unexpected 'Employee Handbook' PDF

Attachments that require you to 'Enable Content' or 'Enable Macros' are malicious files designed to install keyloggers on your workstation.

Generic 'Valued Employee' greeting

Internal emails usually address you by your first name. A generic greeting in an 'important' internal update is a major red flag.

The 'Performance Review' lure

Using a 'negative review' or 'termination notice' as a fear-based lure to get you to open a malicious attachment immediately.

Related guides

Use the checker for the fast answer, then read the deeper guidance for recurring scam patterns.

Fake Company Email Checker

Broad guide for identifying external impersonation of trusted brands.

Read the guide

Fake Recruiter Scam Checker

Learn about fraudulent job offers and external recruitment fraud.

Read the guide

FAQ

These are the questions people usually ask right before they click, reply, or pay.

Got a screenshot or attachment? Our AI can analyse it.

Free scan first, deeper analysis when you need it

Check the sender before you trust the message.

Start with a fast scan, then move to SuperScan when the message involves money, account access, or sensitive documents.

Analyze an HR Email Business Scam Guide