Let's Go Phishing!
With the rise in reports of phishing scams that are heavily related to HR content, we wanted to help you be aware. In this newsletter we look at how to spot one, what to do, and how to keep you and your employees safe.
HALF OF THE MOST CLICKED PHISHING EMAILS ARE HR RELATED
"About 50% of the email subjects clicked in phishing tests use HR-related messaging, according to a July 25 report from KnowBe4, a provider of security awareness training and a simulated phishing platform.
In the company’s Q2 top-clicked phishing report, nearly 1 in 3 users were likely to click on a suspicious link or comply with a fraudulent request. The most popular emails with HR-related subject lines focused on dress code changes, training notifications, W4 updates, performance reviews and vacation policy updates. “The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible,” Stu Sjouwerman, CEO of KnowBe4, said in a statement." Learn more
"Phishing attacks disguised as emails from the HR department are continuing to bait employees across the world, finds a survey. One half or 50% of the top phishing email subjects globally pretend to come from an organisation's HR department, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report. KnowBe4 CEO Stu Sjouwerman said the trend of phishing emails that appear to come from HR is "especially concerning."
"These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation." Learn more
QR CODE PHISHING ATTACKS SPREADING
"A workplace phishing campaign armed with malicious QR codes has been spreading for months, according to the cybersecurity firm that uncovered it. The campaign, discovered by Cofense in May, spoofs Microsoft security alerts directing employees to update their account's security settings. The QR codes and redirect links send users to a phony web page to steal their Microsoft credentials.
Cofense reported that the campaign targeted multiple industries, including a major unnamed U.S. energy company. The volume of the campaign has increased by more than 2,400 percent since May and is still ongoing. Evidence suggests QR code phishing attacks have escalated since the COVID-19 pandemic. "Following the pandemic and scanning QR codes at restaurants, people have become very comfortable with scanning QR codes, don't think twice about it and don't fully grasp the risk associated with a malicious QR code," said Linn Freedman, a partner in the Providence, R.I., office of law firm Robinson and Cole and chair of the firm's Data Privacy and Cybersecurity Team. She added that "it is important to understand that just like malicious code embedded in a link or an attachment in an email or text—which we have been trained not to click on—a threat actor can embed malicious code into a QR code with the same results." Learn more