Phishing Attacks Now Focus on HR-Related Subjects, Report Shows
HR-related topics continue to dominate phishing emails sent to employees from various organizations, while the number of messages related to COVID-19 has dropped considerably, according to a report from KnowBe4.
The move to work-from-home and the move back to the office for some employees created confusion over policies implemented in companies. Attackers have been quick to adapt their messages to every stage of the pandemic, using subjects of interest to capture the attention of potential victims.
Using a simulation that tapped tens of thousands of real email subjects, KnowBe4 came up with a list of general email subjects that fit existing trends for Q2 of 2021. Many of these will likely look familiar.
Top 10 General Email Subjects:
- Password Check Required Immediately
- Vacation Policy Update
- Important: Dress Code Changes
- ACH Payment Receipt
- Test of the [[company_name]] Emergency Notification System
- Scheduled Server Maintenance -- No Internet Access
- COVID-19 Remote Work Policy Update
- Scanned image from MX2310U@[[domain]]
- Security Alert
- Failed Delivery
It’s worth noting that COVID-related phishing is still present and that some of the messages are directly related to people returning to their offices. As more and more people return to the office, these messages are likely to become more common.
KnowBe4 also published some of the more prevalent messages in Q1 2021, and they also mirror people's interests and concerns.
- Zoom: Important issue
- IT: Information Security Policy Review
- Mastercard: Confirmation: Your One-Time Password
- Facebook: Your account has been temporarily locked
- Google: Take action to secure your compromised passwords
- Microsoft: Help us protect you - Turn on 2-step verification to protect your account
- Docusign: Lucile Green requests you to sign Mandatory Security Training documents
- Internship Program
- IT: Remote working missing updates
- HR: Electronic Implementation of new HRIS
As usual, the best course of action is to check the sender of the email, to avoid opening emails and attachments from unknown users, and to use a security solution such as Bitdefender Total Security that’s more than capable of stopping any such attempt.