In a recent attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form “could carry significant fines.”
If you click the link in the email, you are directed to a realistic but fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a real vaccination form from your local government. The good news is that this form isn’t actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.
Remember these tips to avoid similar phishing attacks:
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.