Abnormal AI
Editor's PickStops the 'update my direct deposit' email before payroll ever sees it
score
Visiting through this link may earn us a commission if you sign up, at no extra cost to you. It doesn't change our review, our lowest editorial scores go to vendors who pay us the most for placement just as often as ones who pay us nothing.
Abnormal AI (formerly Abnormal Security) is an email security platform, and it's included here because payroll diversion fraud, someone impersonating an employee or an executive by email and asking HR or payroll to change direct deposit details, is genuinely one of the most common ways small and mid-size businesses actually lose money to 'payroll fraud' in practice. It's not exotic, it's a convincing email and a rushed approval.
Abnormal doesn't rely on the traditional approach of scanning for malicious links or attachments, because these attacks usually don't have any, they're just well-written social engineering. Instead it models normal communication behavior for your organization and flags anomalies: a request coming from a personal email address, a lookalike domain, unusual urgency or tone, a banking-detail change request that doesn't match how that person normally communicates.
This is a security tool, not an HR or finance tool, so it needs to be evaluated and bought by whoever owns your email security stack, and it doesn't touch payroll data directly. It stops the fraudulent request from landing convincingly in the first place, which is a different (and arguably more important) layer than anything that audits payroll after the fact.
Pricing
No public pricing. Sold as enterprise email security, typically priced per mailbox/user and quoted directly. Budget for a demo and sales conversation.
Features
- Behavioral modeling of normal internal and vendor email communication
- Detection of payroll diversion and direct-deposit-change social engineering
- Lookalike domain and compromised-account detection
- Vendor email compromise (VEC) detection for fraudulent invoice requests
- No dependency on malicious links/attachments to trigger detection
- Integrates with Microsoft 365 and Google Workspace
- Targets the single most common real-world payroll fraud vector for SMBs: social engineering by email
- Behavioral detection catches attacks with no malicious payload, which slip past traditional email security
- Sits upstream of payroll, stopping the fraudulent request before it's ever acted on
- This is an email security purchase, not a payroll or HR tool, different budget owner and evaluation process
- No visibility into payroll data itself, it only stops the request from being convincing
- Enterprise pricing and sales process, no public numbers to compare against
Any business that processes direct-deposit change requests by email or Slack and wants to stop social-engineering-driven payroll diversion before it happens.
Teams looking for a tool that audits payroll records themselves, this doesn't touch that layer.
Screenshots
Supported countries
Cloud email security works anywhere Microsoft 365 or Google Workspace is used, not limited to the countries listed above.
Integrations
Abnormal AI alternatives
Tools worth comparing before you commit.