Beware — the email from HR might be a cyber scam | HR Tech Outlook
HR Tech Outlook magazine explains how an email from HR can be a cyber scam and how to stay away from such scams. Remote workers are being targeted by a wide-ranging new online scam looking to steal business logins.
Researchers at security firms have uncovered a phishing campaign masquerading as emails from HR departments.
The scam targets employees who are still getting used to working from home, tricking them into giving away credentials such as login details through fake remote working enrolment forms.
The criminals used this service to create and send emails with subject lines like ‘Employee Enrollment Required’ and ‘Remote Work Access.’ Claiming to come from “Human Resources” and phrased to resemble official internal communications, the email asks the recipient to click on a link to enroll in a remote working policy.
However, clicking on this link sends the victim to a fake phishing site, where their credentials are stolen and potentially sold on.
Cofense says it’s detected multiple instances of such scams, and warns that because they often used legitimate domains and URLs, these campaigns went undetected for extended periods of time, which could mean a large number of accounts were compromised.
“As employees have rapidly shifted to remote working, threat actors have begun to check out ways they maximize the COVID-19 pandemic to spoof new corporate policies and bona fide collaboration tools to reap valuable corporate credentials, a trend we anticipate will only still gain steam within the foreseeable future,” Kian Mahdavi from the Cofense Phishing Defense Center wrote in a blog post explaining the threats.
Cofense recommends employees take extra care when reading all emails, even those claiming to come from their employer, and check links by hovering their cursor above the hyperlinked text to make sure it’s directing them to a legitimate site.