Threat actors are using communication about personal pension accounts plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.
Email security company Cofense warns that these attacks are becoming more frequent and even organizations with sound email security practices are having trouble against them.
401(k) is a popular retirement savings plan in the U.S. that offers a convenient way for employees to save for the future with tax benefits, often including additional contributions from their employer.
Cybercriminals take advantage of this topic and are sending targets 401(k) notifications posing as someone from their company's Human Resources department alleging an important plan update or an increase in contributions.
Cofense says that throughout last year it has seen a sharp rise in QR codes embedded in those phishing emails, taking recipients to a fake login page designed to steal credentials.
Other lure types seen more often towards the end of the year include open enrollment, surveys, and salary restructuring communications.
Open enrollment is a specific period, typically occurring towards the end of the calendar year, allowing employees to enroll in health insurance or retirement plans.
Recipients take these messages very seriously because failing to enroll before the deadline results in loss of eligibility for some benefits until the next enrollment round.
Cybercriminals also appear to use more often lures regarding compensation adjustments, especially about bonuses and increases, which are usually decided at the end of the year.
Finally, Cofense warns about fake employee satisfaction surveys and assessment reports sent to targets from spoofed human resource departments.
Cofense says that all examples in its report are from employees of large enterprises that use effective email security solutions, yet many phishing messages still reach their employees' inboxes.
The security company suggests that HR departments schedule these communications and inform the personnel accordingly to help filter out at least some of the malicious communications.
Considering that many companies outsource these operations, educating and safeguarding employees from phishing attempts may be difficult.
Another measure would be to avoid QR codes in legitimate business communication, since many phishing campaigns rely on them.
UK and allies expose Russian FSB hacking group, sanction members.
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months.
Crypto wallet founder loses $125,000 to fake airdrop website.
FTC offers $25,000 prize for detecting AI-enabled voice cloning.
Nigerian hacker arrested for stealing $7.5M from charities.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 10 Jan 2024 18:35:04 +0000