Beware Of Phishing Emails Under The Guise Of A Holiday Schedule From HRD
JAKARTA - Cybercriminals are again preying on victims by pretending to be the Human Resources (HR) department, commonly known as HRD. They often send emails containing phishing traps.
Phishing itself is a deception technique in which the attacker impersonates someone else to trick victims via email or instant messages, so that they readily believe it.
In the newly started holiday season, Kaspersky security experts have managed to spot such a scam with perpetrators pretending to be HRD to announce holiday schedules.
The scam works because many employees have already made plans, bought tickets and booked hotels. Cybercriminals exploit this situation by sending emails to a company's employees on the topic of holidays.
For example, it is common for the email to mention a sudden rescheduling, the need to confirm dates, or a clash with some important event.
According to Kaspersky security experts, it is quite easy to spot their tricks, because in this case, it is about mass targeting, and not spear phishing.
Employees are also expected to resist the urge to click on links. Note that the attackers know only the recipient's address: automated bulk-mailing tools pull the company domain name and the employee's name from the address and automatically substitute them into the dummy link and the sender's signature.
However, if the victim falls for the bait and clicks on the link, signs of phishing can still be found on the attacker's site.
The site itself is unconvincing: it is hosted not on a company server but on a service where anyone can rent space. The file name also doesn't match the PDF name mentioned in the email.
To avoid being fooled by phishing emails, here are some simple tips from Kaspersky.
1. Always check links before clicking. Hover over them to preview the URL, and look out for misspellings or other irregularities in the message.
2. Many phishing attacks aim to hijack accounts, but even if attackers get hold of logins and passwords, you can still prevent them from logging into accounts by setting up two-factor authentication.
3. Have protection at the mail gateway level. What's more, all devices connected to the internet need to be protected by an endpoint security solution.
4. Conduct regular security awareness training for employees on the latest cyberthreats or inform them about potential phishing scams.
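The signs described above can also be checked automatically, for instance at the mail gateway. The Python code below is an added example, not code from Kaspersky or the original article: it flags links whose host is outside the recipient's company domain, whose visible text shows the company domain while the target does not, or whose file name differs from the PDF named in the message. The function names, the example-corp.test domain and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from posixpath import basename
from urllib.parse import urlsplit

class MailBody(HTMLParser):
    """Collect visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def check_links(recipient, html_body):
    """Return [(href, [findings])] for links showing the signs described above."""
    company = recipient.rsplit("@", 1)[1].lower()  # company domain from the address
    body = MailBody()
    body.feed(html_body)
    body.close()
    named_pdfs = {n.lower() for n in re.findall(r"[\w.-]+\.pdf\b", " ".join(body.text), re.I)}
    flagged = []
    for href, label in body.links:
        url, found = urlsplit(href), []
        if url.scheme not in ("http", "https"):
            continue
        host = (url.hostname or "").lower()
        # Match on a label boundary so "evil-example-corp.test" does not pass.
        if host != company and not host.endswith("." + company):
            found.append(f"host {host} is outside {company}")
            if company in label.lower():
                found.append("link text shows the company domain, target does not")
        if named_pdfs and basename(url.path).lower() not in named_pdfs:
            found.append("file name in link differs from the PDF named in the mail")
        if found:
            flagged.append((href, found))
    return flagged

SAMPLE_TO = "j.doe@example-corp.test"  # constructed sample, not a real campaign
SAMPLE_HTML = """<p>j.doe, please confirm your dates in Holiday_Schedule.pdf.</p>
<a href="https://files.rented-host.test/view.html">https://hr.example-corp.test/Holiday_Schedule.pdf</a>
<a href="https://intranet.example-corp.test/docs/Holiday_Schedule.pdf">HR policy</a>"""
```

Calling `check_links(SAMPLE_TO, SAMPLE_HTML)` flags only the first link, with all three findings; the second link stays on the company domain and points at the named PDF, so it passes.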