Dayforce has noticed more phishing websites appearing on the internet, trying to steal your information. Here are some recommended actions to protect yourself from phishing attacks.
Dayforce actions:
Dayforce wants to remind you that Dayforce has features to help keep your account safe.
If you get any messages from Dayforce about changes to your password, MFA (Multi-Factor Authentication) registration details, direct deposit, or personal information that you did not expect, we suggest you change your password right away and tell your system administrator.
Action Required by You:
To protect against phishing attempts, please log in only to the official Dayforce HCM website (https://www.dayforcehcm.com/). Be aware that scammers are creating fake websites that might show up in Google searches and look like the real Dayforce site. So, do not search for the Dayforce website through Google or other search engines.
Cyber criminals use tricks like fake emails, texts, phone calls, and websites to steal Dayforce users’ login information. They use this information to access accounts, change direct deposit details, and redirect paychecks to their own bank accounts. They might also target Dayforce Wallet users and steal their funds.
Learning about these threats is important to keep yourself safe. To protect against this type of fraud, please read and follow these tips.
Tip 1: Verify the Dayforce URL
Cyber criminals are creating new fake websites and phishing emails that look like the trusted Dayforce brand. Their goal is to trick people into giving away their Dayforce login details. While Dayforce works hard to remove these threats, scammers keep launching new attacks with more fake websites and phishing emails.
Fake Dayforce websites might show up in search engine results or be sent to you via phishing emails or texts, often offering gift cards or asking for urgent action.
To protect yourself, always make sure you use the correct Dayforce link for your organization when logging in. Check the URL and the security certificate.
We strongly encourage you to bookmark the correct URL for Dayforce, and to not use a search engine, like Google, to find the URL for Dayforce. Below is an example of a search engine query result showing and linking to a fake website.
Tip 2: Use strong passwords
Passwords are the first line of defense to protect your accounts. Here are some ways to ensure your accounts are unique, secure, and protected.
- Misspell words, avoid using common words and phrases, use a variety of characters
- Switch it up, don’t use the same password for multiple accounts
- Don’t share your passwords
- Change your password frequently
Tip 3: Protect yourself from phishing attacks
Protecting yourself from phishing attacks is essential for keeping your personal information and online security safe. Here are some easy steps to help you stay protected:
- Be Skeptical: Be cautious of any unsolicited messages, emails, or website links. Verify the source before taking any action.
- Be Aware: Watch out for unexpected emails from HR or senior staff asking for payroll-related changes or information.
- Verify the Sender: Double-check the sender’s email address or the URL of a website. Make sure it matches the legitimate source.
- Beware of Urgency: Phishing emails often create a sense of urgency to pressure you into quick action. Take your time to verify.
- Don’t Click on Suspicious Links: Hover over links in emails or messages to see where they lead. If unsure, type the URL directly into your browser.
Remember, constant vigilance is key. Fraudsters can strike when we least expect it, but by following these security practices, you can greatly reduce the risk of Payroll Diversion Fraud.
If you think you’ve fallen victim to Payroll Diversion Fraud, contact your HR team immediately and change your Dayforce account password.
For more information, read Dayforce’s blog post: https://www.dayforce.com/blog/payroll-diversionfraud