Beware - that email from HR could well be a phishing scam
Phishing scams are increasingly impersonating HR emails
A growing number of successful phishing attacks are using fake emails related to human resources (HR) accounts, new research has revealed.
In its Q2 2023 top-clicked phishing report, KnowBe4 said that the most-clicked emails had subject lines related to human resources in an organization, such as dress code changes, training notifications, vacation updates and more.
In fact, vacation updates are the hottest topic these days, which would make sense given that we’re in the peak of summer holidays. In total, emails related to vacationing made up 19% of all successful phishing emails, followed by dress code changes (11%) and the W4 form (11%).
Abusing employee trust
“The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR – a trusted and crucial department of so many if not all organizations,” said Stu Sjouwerman, CEO, KnowBe4.
“These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organization. New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats. An educated workforce is an organization’s best defense and is essential to fostering and maintaining a strong security culture.”
Phishing continues to be the most successful attack vector out there. Threat actors carefully craft these email messages, assuming the identities of trusted individuals and entities and mimicking their style and tone of voice almost flawlessly.
The common denominator in these emails is a sense of urgency: for the scam to work, the victims shouldn’t have time to think things through.
At the end of the day, with a little common sense, phishing emails are easy to spot. Are they coming from the domain of the entity the sender claims to be? Are there any typos and other errors? Are the senders asking for things that don’t really make sense? Is the offer in the message too good to be true? All of these are red flags victims can use to determine if they’re being targeted.
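Some of the red flags above (sender domain, urgency) can be checked automatically during mail triage. The following is an added example, not code from the article or from KnowBe4: a Python sketch that assumes the organization's mail domain is `example.com` and uses constructed keyword patterns and constructed sample messages.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organization's real mail domain
# Constructed patterns: HR themes named in the report, and common urgency phrasing.
HR_THEME = re.compile(r"\b(hr|human resources|vacation|dress code|w-?4|training)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|action required|within \d+ hours)\b", re.I)

def domain_of(header_value):
    """Lowercased domain of the address in a From or Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def is_internal(domain):
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)

def triage(raw_message):
    """Return the list of red flags raised by one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To")) or from_dom
    subject = msg.get("Subject", "")
    body = msg.get_payload() if not msg.is_multipart() else ""
    flags = []
    # Claims to be HR (display name or subject theme) but is not sent from our domain.
    if HR_THEME.search(display + " " + subject) and not is_internal(from_dom):
        flags.append("hr-theme-from-external-domain")
    # External domain that is nearly identical to ours (e.g. one swapped character).
    if not is_internal(from_dom) and SequenceMatcher(None, from_dom, ORG_DOMAIN).ratio() >= 0.8:
        flags.append("lookalike-domain")
    if reply_dom != from_dom:
        flags.append("reply-to-differs-from-sender")
    if URGENCY.search(subject + " " + body):
        flags.append("urgency-language")
    return flags

# Constructed sample messages (not taken from the report).
PHISH = ("From: HR Department <hr@examp1e.com>\nReply-To: forms@mail.invalid\n"
         "Subject: Action required: vacation policy update\n\n"
         "Review and sign the attached form within 24 hours.\n")
LEGIT = ("From: HR Department <hr@example.com>\nSubject: Updated vacation policy\n\n"
         "The new policy is posted on the intranet.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

These checks only read the visible headers, so a message that forges the real domain in `From` would pass them; SPF, DKIM and DMARC verification is what covers that case.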
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.