📩 25/09/2023 12:25
Kaspersky has uncovered a new phishing scheme that targets employees and poses a threat to corporate systems. Stating that employees of large organizations rarely share their career goals, interests or thoughts about their achievements beyond the job description, Kaspersky experts said, “In general, such conversations only take place once a year, during the performance evaluation period. However, many employees would like to have more opportunities to communicate with management. As such, when they receive an e-mail inviting them for an individual evaluation, they usually take advantage of this opportunity without hesitation, especially if the e-mail in question underlines that this is mandatory.
Cybercriminals have sought to exploit this situation in their latest spear-phishing campaigns. In this fraud method, cybercriminals send convincing e-mails to company employees that appear to come from human resources departments. These emails accompany a self-assessment form as a way for employees to communicate with their managers.
Of course, it is possible for a careful eye to spot some telltale signs of a phishing attack in these deceptive emails. First, the sender's email address is not the same as the company's email address. This raises suspicion from the very beginning. Second, the email insists that everyone fill out the attached form by the end of the day, a common tactic used by scammers to create a sense of urgency. When recipients click on the link in the email, they are presented with questions that seem innocuous at first. But the true nature of the scam is revealed in the final three questions, which ask for the victim's email address, password, and password confirmation.” he said.
This approach catches victims off guard, Kaspersky experts said, noting that sensitive information is requested towards the end of the process, and to further avoid detection, fraudsters increase confusion by hiding the word "password".
Kaspersky Security Expert Roman Dedenok said: “We urge company employees to be careful when opening such emails, especially those that appear to be from HR. “To protect data, it is critical to verify the authenticity of unsolicited individual review requests directly with HR departments.” said..
To protect your data from phishing attacks and leaks, Kaspersky experts recommend:
”Be wary of messages from unknown senders. Phishing attacks often come from unknown or suspicious-looking senders. If you receive a message from a user or number you do not recognize, do not click on any links or provide personal information. Choose strong passwords. Use unique passwords for all your messaging app accounts. Avoid using the same password on multiple accounts. You can use a password manager such as Kaspersly Password Manager to create and store strong passwords. Verify the authenticity of the links. Before clicking on any links, check if they are actually official. Scammers often create fake websites that look like real websites. Therefore, it is important to double-check the URL before entering any login credentials or other sensitive information. Use two-factor authentication. Adding an extra layer of security to your account can help prevent unauthorized access. Enable two-factor authentication in your messaging app to ensure only you can access your account. Get help from security solutions. A reliable security solution will protect your devices against various types of threats. Kaspersky Premium prevents all types of fraud and keeps your data safe.”