Cybercriminals impersonate HR departments and send fake emails with malicious links that prompt employees to enter their workplace email and password, providing the fraudster with access to the organization’s email system.
It’s summertime in the northern hemisphere, so you know what that means: phishing trips! Recently, statistics from Check Point Research showed an increase in vacation-themed website domains. Of the domains found, an estimated one in every 83 was malicious or suspicious. Cybercriminals use phishing scams to direct you to these dangerous domains.
In one of these summer-themed scams, cybercriminals impersonate your organization’s HR department. They send a fake email announcing a new open vacation plan that only some employees are eligible for. Then, the email directs you to click a link to find out if you are one of those eligible employees. If you click the link, you will be directed to enter your work email and password. Entering your credentials on this page will give cybercriminals easy access to your work email and the organization as a whole.
Follow the tips below to stay safe from similar scams:
- The weather may be different in your part of the world, but that won’t stop cybercriminals from using this tactic. Look for red flags such as an email sent outside of your local work hours.
- This specific scam is designed to make you feel curious, concerned, and even frustrated. Don’t let cybercriminals play with your emotions. Think before you click.
- If you receive an unexpected email from HR, verify the legitimacy with someone in your organization. Don’t reply to the email. Instead, contact your manager or a point person in HR directly.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.