New Year's surge of phishing: scammers use clever tricks to fish out the data of company employees

Brother

"You have a bonus! Open the file for more details."

Cofense, a company specializing in electronic security, reports an increase in cyber attacks aimed at stealing the credentials of company employees. Attackers use New Year's Eve messages about changes in pension accounts, salary adjustments, and labor productivity reports as bait. All this happens at the end of the year, when employees least expect a trick.

The Cofense report says that cybercriminals send fake notifications about retirement accounts, posing as human resources employees and informing the potential victim about important plan updates or increases in pension contributions.

Experts also noted a significant increase in the use of QR codes in phishing emails that redirect recipients to fake login pages to steal their credentials.

In addition, at the end of the year, especially abroad, employees often receive notices about making an appointment for medical care and about changes to how salaries are calculated. Notices about health care appointments under insurance are taken very seriously, as missing the deadline for making an appointment may result in the loss of some benefits until the next period. In turn, notifications about salary adjustments and compensation, especially the various bonuses and raises that usually occur at the end of the year, arouse even more interest among potential victims.

Cofense also warns about fake job satisfaction surveys of departments or specific employees within the company sent by attackers on behalf of the HR department. In one example, a phishing email used the subject "employee of the year" to trick recipients into opening their "performance reports".

Despite the use of effective email security solutions, many phishing messages still reach employees' mailboxes. Cofense advises companies to plan such communications in advance and inform staff accordingly to help filter out at least some of the malicious messages.

However, many organizations outsource such operations, which makes it more difficult to train and protect employees from phishing attacks. Another security measure is to avoid using QR codes in official business messages, as many phishing campaigns rely on them.

How did your company celebrate the New Year? We hope that there was no phishing.
 