Security News

Stay up to date on the latest fraudulent communications that our clients may have received.

Security Update: "WannaCry" Ransomware Worm

May 17, 2017

As widely reported in the news media, WannaCry is a ransomware program targeting the Microsoft Windows operating system. WannaCry, as with other ransomware, blocks customers from accessing their data unless they pay a ransom to release the data. The WannaCry worm originated from information stolen from the National Security Agency, or NSA, in the United States. On Friday, May 12, 2017, cyber criminals launched WannaCry, infecting more than 230,000 computers in 150 countries.

Paychex Security has already taken actions to prevent the infection and spread of this ransomware, and we have no indication of the WannaCry worm in our system. We'll continue to evaluate and mitigate any risks of infection using multiple defense strategies. Our client data remains secure and available both to Paychex and our clients.

Paychex views the security of your information with the utmost importance. To protect your business from this worm, we encourage you to install Microsoft's latest security update.

Security Update: Ticketbleed

February 10, 2017

The recently reported cyber-security threat nicknamed “Ticketbleed” is a website vulnerability that can potentially expose data transmitted between clients and servers. After extensive analysis and remediation, Paychex has eliminated any potential exposure to this vulnerability.

The security of your information remains our highest priority; therefore, we constantly monitor Paychex systems and have safeguards in place to protect your data.

Please contact your Paychex representative with any questions.

Be Vigilant! Help Fight Cyber Crime This Season

April 5, 2016

Tax season is prime time for cyber criminals. Attempting to steal and use your company's sensitive financial and tax information is big business for hackers. As the filing deadline approaches, remember these helpful online security tips:

  • Be on the lookout for odd requests. For example, the "CEO of the company" wants copies of employee W-2s, or a "bank or financial institution" demands tax information. Be sure to verify all such requests before replying.
  • Phishing messages often come with real logos and appear to be from legitimate businesses. Cyber criminals have become more sophisticated, and their fraudulent messages are more difficult to spot. Don't be fooled.
  • Don't divulge personal or corporate information over the Internet. No matter how rushed you feel, think before you click. Criminals are counting on your carelessness.
  • Don't download software from the Internet, open email attachments, or click on Internet links that launch websites or web ads, especially if the URLs don't appear to come from a trusted source.
  • Secure your computer and mobile devices using an updated operating system, anti-spyware, and the most current anti-virus software.

We strongly recommend that you update your Paychex account to the highest level of security we offer. For Paychex Flex clients, that means one-time passcodes. Although an extra step or two can sometimes seem like a hassle, preventing an online security breach is easier than dealing with one after it happens.

Despite everyone's best efforts, cyber criminals might still gain access to data through third parties. As your trusted partner, Paychex has a dedicated fraud call center, and we may be able to help you or your employees if you are victimized by tax refund fraud. You can contact the Paychex fraud center at 844-779-2935 or

IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s

March 10, 2016

The Internal Revenue Service issued an alert to Payroll and HR Professionals regarding a new phishing scheme involving W-2s. Cybercriminals are emailing company payroll departments posing as the CEO of the company and requesting an employee listing complete with personal information, including Social Security Numbers. IRS Criminal Investigation has received several reports of individuals falling prey to this scheme. The IRS is advising anyone receiving a similar request for personnel listings appearing to be from the company CEO to investigate before sending sensitive data.

Refer to IRS Alert 2016-34 for additional information.

New Spear Phishing Scam

February 24, 2015

The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.

US-CERT encourages users and administrators to review the IRS press release for details and refer to US-CERT Security Tip ST15-001 for information on "tax" themed phishing attacks.


Security Update: "Shell Shock"

October 1, 2014

In recent days, you may have seen media reports of a software flaw nicknamed “Shell Shock.” It is a bug that allows remote attackers to attempt to send unwanted code to a system.

We want to assure you that Paychex systems have not been impacted. The security of your information is our highest priority. And, as always, our Information Technology team is monitoring and managing this situation.

Thank you for reviewing the information contained in this advisory.

Fraudulent Emails Not From Paychex Insurance Agency

An outside party is distributing fraudulent emails containing "Paychex Insurance Agency" in the subject line. The notifications are sent from various email addresses to some of our clients, their employees, and non-Paychex users. Paychex, Inc., did not send these emails.

This is a sample of the fraudulent message:

[Image: Example of Fraudulent Email]

While the message appears to have come from a legitimate email address, it is a case of "spoofing," wherein a hacker creates the email to appear valid even though it is configured to work maliciously behind the scenes. The fraudulent email could contain an attachment with potential malware or point to a malicious destination.

If you receive this email:

  • Delete it without opening any of the attachments. Please share these instructions with everyone in your office.
  • If you already opened an attachment, please call your Paychex payroll contact as soon as possible. As a safety measure, do not log in to your Paychex Flex℠ account or any other password-protected account from your computer.

We constantly monitor the Paychex systems and have safeguards in place to protect your data. The senders of these messages often mask their emails to look like they are from financial-based companies, including banks and payroll companies. Please be vigilant. If you are suspicious of any email, it is best to delete it.