It’s summertime in the northern hemisphere, so you know what that means: phishing trips! Recently, statistics from Check Point Research showed an increase in vacation-themed website domains. Of the domains found, an estimated one in every 83 was malicious or suspicious. Cybercriminals use phishing scams to direct you to these dangerous domains.

In one of these summer-themed scams, cybercriminals impersonate your organization’s HR department. They send a fake email announcing a new open vacation plan that only some employees are eligible for. Then, the email directs you to click a link to find out if you are one of those eligible employees. If you click the link, you will be directed to enter your work email and password. Entering your credentials on this page will give cybercriminals easy access to your work email and the organization as a whole. 

Follow the tips below to stay safe from similar scams:

  • The weather may be different in your part of the world, but that won’t stop cybercriminals from using this tactic. Look for red flags such as an email sent outside of your local work hours.
  • This specific scam is designed to make you feel curious, concerned, and even frustrated. Don’t let cybercriminals play with your emotions. Think before you click.
  • If you receive an unexpected email from HR, verify the legitimacy with someone in your organization. Don’t reply to the email. Instead, contact your manager or a point person in HR directly.

Source: KnowBe4.com

Chat