New Fraud Campaign Targets Employee Mobile Devices via SEO Poisoning

In May 2025, ReliaQuest detected a new fraud campaign using SEO poisoning techniques to target employees' mobile devices and facilitate payroll fraud. This activity, targeting an unnamed client in the manufacturing sector, is characterized by the use of fake login pages to access employees' payroll portals and redirect payments. Employees searching for payroll portals on Google are deceived and send their paychecks to hackers.