Kaspersky has uncovered a concerning phishing scheme that poses a threat to corporate systems by targeting employees. This deceptive scheme presents itself as a self-evaluation form originating from HR departments but has a sinister agenda of stealing sensitive information.
It is a common practice within large organizations that employees seldom have share their thoughts regarding career aspirations, areas of interest, or achievements beyond their job descriptions. Typically, such discussions only take place once a year during performance reviews. Yet, many employees would like to have more opportunities to communicate with management. When an email inviting them to participate in a self-evaluation arrives, especially one that claims to be mandatory, they often seize the opportunity without hesitation. This is the very opening that cybercriminals are exploiting in their latest spear-phishing campaign.
In this fraudulent scheme, cybercriminals send emails convincingly crafted to appear as if they originate from HR departments. These emails offer a self-evaluation form as a way for employees to engage with their managers. However, these deceptive emails exhibit several clear signs of phishing.
Firstly, the sender’s email address doesn’t align with the company’s, raising suspicions from the outset. Secondly, the email exerts pressure by insisting that everyone must complete the form by the end of the day, a common tactic employed by scammers to create a sense of urgency. Furthermore, when recipients click on the provided link, they encounter questions that, at first glance, seem innocuous. However, the scheme’s true nature becomes apparent in the final three questions, which request the victim’s email address, password, and password confirmation.
This deceptive approach catches victims off guard because it asks for sensitive information towards the end of the process. To further avoid detection, the word “password” is concealed, adding some sophistication to the scam.
“We urge corporate employees to exercise caution when receiving such emails, especially those resembling HR communications. To protect their data, it’s crucial to verify the authenticity of unsolicited self-evaluation requests directly with their HR department,” comments Roman Dedenok, a security expert at Kaspersky.
Read more about this spear-phishing campaign on Kaspersky Daily.
To keep your data protected from phishing attacks and leaks, Kaspersky experts recommend:
- Be cautious of messages from unknown senders: Phishing attacks often come from unknown or suspicious-looking senders. If you receive a message from an unfamiliar user or number, don’t click on any links or provide any personal information.
- Use strong passwords: Use unique passwords for all your messaging app accounts. Avoid using the same password across multiple accounts, and consider using a password manager to generate and store strong passwords – such as Kaspersky Password Manager.
- Verify the authenticity of links: Before clicking on any links, check to see if they’re legitimate. Scammers often create fake websites that look similar to the real ones, so it’s important to double-check the URL before entering any login credentials or other sensitive information.
- Use two-factor authentication: Adding an extra layer of security to your account can help prevent unauthorized access. Enable two-factor authentication on your messaging app to ensure that only you can access your account.
- Use security solutions: a reliable security solution will protect your devices from various types of threats. Kaspersky Premium prevents all types of fraud and keeps your data safe.