
Cybercriminals Phish For Employee Credentials Using Fake HR Bonus Payment Emails

Alina BÎZGĂ

November 11, 2021


A new phishing campaign leveraging bogus bonus payments from the HR department is targeting employees and remote workers across the globe to steal business login credentials.

This phishing attempt, caught by Bitdefender Antispam Lab earlier this week, originates from IP addresses in Russia and has spread organically to inboxes in the US, UK, Ireland, Sweden, Denmark and Romania.

HR-related topics have become an attractive go-to recipe for successful account takeover attempts and business compromise since the beginning of the pandemic.

While previous attacks leveraged internal policy changes or notifications alerting employees about password checks and other security-related matters, the ongoing campaign uses a different tactic.

Recipients are lulled into accessing a bogus Word document allegedly containing information on bonus payments. It may seem like the attackers put little effort into gift-wrapping the fake email, but what better way to pique an employee’s interest and curiosity than baiting them with potential monetary bonuses?

Threat actors have their sights set on businesses and organizations, and often use employee carelessness to compromise internal networks and cripple businesses in targeted ransomware attacks. Credential phishing puts both employers and employees at risk. The hybrid work environment and increased personal use of corporate devices add to the long list of cybersecurity mishaps provoked by employees who fall for malicious correspondence.

Coveted phished employee credentials let attackers bypass an organization’s security measures to steal critical data. Bitdefender recommends employees take extra care when reading emails, even those that apparently come from an employer, HR or IT department.

Users who receive similar emails should immediately send them to their IT department. When in doubt, it’s best to ask for assistance or details from your human resources department before accessing any links, downloading attachments, or entering your corporate login credentials into an online form.

Note: This article is based on technical information courtesy of Bitdefender Labs

Stay Safe!
