1 min read

Phishing Attacks Now Focus on HR-Related Subjects, Report Shows

Silviu STAHIE

July 15, 2021

Phishing Attacks Now Focus on HR-Related Subjects, Report Shows

HR-related topics continue to dominate phishing emails sent to employees from various organizations, while the number of messages related to COVID 19 has dropped considerably, according to a report from KnowBe4.

The move to work-from-home and the move back to the office for some employees created confusion over policies implemented in companies. Attackers have been quick to adapt their messages to every stage of the pandemic, using subjects of interest to capture the attention of the possible victims.

Using a simulation that tapped tens of thousands of real email subjects, KnowBe4came up with a list of general email subjects that fit existing trends for Q2 of 2021. Many of these will likely look familiar.

Top 10 General Email Subjects:

  • Password Check Required Immediately
  • Vacation Policy Update
  • Important: Dress Code Changes
  • ACH Payment Receipt
  • Test of the [[company_name]] Emergency Notification System
  • Scheduled Server Maintenance -- No Internet Access
  • COVID-19 Remote Work Policy Update
  • Scanned image from MX2310U@[[domain]]
  • Security Alert
  • Failed Delivery

It’s worth noting that COVID-related phishing is still present and that some of the messages are directly related to people returning to their offices. As more and more people return to the office, these messages are likely to become more common.

KnowBe4 also published some of the more prevalent messages in Q1 2021, and they also mirror the peoples’ interests and concerns.

  • Zoom: Important issue
  • IT: Information Security Policy Review
  • Mastercard: Confirmation: Your One-Time Password
  • Facebook: Your account has been temporarily locked
  • Google: Take action to secure your compromised passwords
  • Microsoft: Help us protect you - Turn on 2-step verification to protect your account
  • Docusign: Lucile Green requests you to sign Mandatory Security Training documents
  • Internship Program
  • IT: Remote working missing updates
  • HR: Electronic Implementation of new HRIS

As usual, the best course of action is always to check the sender of the email, to avoid opening emails and attachments from unknown users, and to use a security solution such as Bitdefender Total Security that’s more than capable of stopping any such attempt.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read
Ransomware via a call centre? BazaCall means no email attachment or link required for infection Ransomware via a call centre? BazaCall means no email attachment or link required for infection
Graham CLULEY

July 30, 2021

3 min read
FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks
Silviu STAHIE

July 27, 2021

1 min read