Kaspersky Finds Phishing Fraud Using Performance Evaluation Scheme

Phishing scam illustration (photo: Kaspersky)

JAKARTA - Kaspersky has just uncovered a phishing scheme that poses a threat to the company's system by targeting employees.

The global cybersecurity company said that this type of fraud presented itself as a form of evaluation of the performance of employees who come from the HR department but have a dangerous agenda, namely stealing sensitive information.

In this fraud scheme, cybercriminals send emails that are made convincingly to appear as if they came from the HR department.

This email offers self-evaluation forms as a way for employees to interact with their managers. However, these deceptive emails show some very clear signs of phishing.

First, the sender's email address does not match the company's address. Second, the email puts pressure on emphasizing that everyone must complete the form at the end of their working day.

Additionally, when the recipient clicks on the link provided, they will face questions that, at first sight, appear harmless. However, the true nature of the scheme became clear in the last three questions, asking for the victim's email address, password, and password confirmation.

"We urge company employees to be careful when receiving such emails, especially those that resemble HR communications," said Roman Dedenok, security expert at Kaspersky.

To protect their data, Dedenok stated that it is very important to verify the authenticity of requests for self-evaluation that are not requested directly with their HR department.