Compensation-Themed Phishing Emails

Fight cybercriminal phishing attacks with this information.

Be aware that cybercriminals are launching phishing attacks related to annual compensation reviews and bonuses. These types of phishing emails encourage recipients to click a lure (link) to confirm a payment-related change. Opening the link leads to a lookalike login page, which is designed to steal credentials.

Below is a compensation-themed phishing email and the red flags associated with it:


Follow the tips below to keep your account secure:

  • Verify the legitimacy of any unsolicited or unexpected email before you interact with it, especially if it leads to a login page asking for username and password. If you notice a subtle change or inconsistency in a message, don’t ignore it—report it.
  • Be extremely cautious of attachments that lead you to an account login page—even if the page looks “right.” It’s always safest to control your own path and log in via known, trusted channels.
  • Communications regarding compensation should only ever come from known, organizational email addresses. If in doubt, navigate directly to Workday to view changes or verify with HR.
  • Be cautious of unexpected emails tied to timely events. Cybercriminals frequently tailor their phishing lures to actions associated with specific times of year, such as annual compensation reviews, holiday bonuses, or tax season.

Most importantly, always report any suspicious emails sent to your CNM account to the ITS Security and Compliance team by using the Report Phish button in Outlook.

If you have interacted with a malicious message, open a ticket with the ITS Security team right away via email at or