Kaspersky has uncovered a sophisticated phishing scheme targeting corporate employees through deceptive self-evaluation forms that appear to originate from HR departments. The cybercriminals exploit employees’ eagerness to participate and request sensitive information such as email addresses and passwords only towards the end of the process. Kaspersky urges employees to treat such emails with caution and to verify them with their HR department to protect against the threat.
25 September 2023 – Kaspersky, a cybersecurity expert, has exposed a troubling phishing campaign that poses a significant threat to corporate systems by specifically targeting employees. This deceptive scheme disguises itself as a self-evaluation form purportedly from HR departments but actually seeks to steal sensitive information.
In large organizations, employees rarely have opportunities to share their thoughts on career aspirations, interests, or achievements beyond their job roles. Such discussions usually occur during annual performance reviews. When employees receive an email inviting them to participate in a self-evaluation, especially one claiming to be mandatory, they often respond eagerly. Cybercriminals are capitalizing on this eagerness in their latest spear-phishing campaign.
In this fraudulent scheme, cybercriminals send emails convincingly designed to appear as if they originate from HR departments. These emails offer a self-evaluation form for employees to engage with their managers. However, there are clear signs of phishing in these deceptive emails.
Firstly, the sender’s email address does not match the company’s, immediately raising suspicions. Secondly, the email creates a sense of urgency by insisting that everyone complete the form by the end of the day, a common tactic used by scammers. Moreover, when recipients click the provided link, they encounter seemingly innocuous questions. However, the scheme’s true nature becomes apparent in the final three questions, which request the victim’s email address, password, and password confirmation.
This deceptive approach catches victims off guard by asking for sensitive information only toward the end of the process, and the word “password” is concealed in the form so that the request is less obvious.
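The three red flags described above (a sender domain that does not belong to the company, urgency language, and a link that leads outside the company) can be turned into a simple triage check on incoming mail. The following Python script is an added illustration and is not part of Kaspersky’s report; the organisation domain `example-corp.test`, the lure domain `hr-survey-portal.test` and both sample messages are constructed placeholders.

```python
"""Heuristic triage of an e-mail for the HR self-evaluation phishing pattern:
sender domain mismatch, urgency language and links pointing outside the
organisation. Sample messages and domains below are constructed examples."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

ORG_DOMAIN = "example-corp.test"  # assumed organisation domain (placeholder)

# Phrases that typically signal manufactured urgency in a lure.
URGENCY_PATTERNS = [
    r"\bby (the )?end of (the )?day\b",
    r"\bmandatory\b",
    r"\bimmediately\b",
    r"\bwithin 24 hours\b",
]
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def _domain_of_address(addr: str) -> str:
    """Return the lowercase domain part of 'Display Name <user@host>'."""
    _, address = email.utils.parseaddr(addr)
    return address.rpartition("@")[2].lower()


def _is_org_domain(host: str, org_domain: str) -> bool:
    """True if host is the organisation domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)


def assess_email(raw_message: str, org_domain: str = ORG_DOMAIN) -> dict:
    """Return the indicators found in one RFC 822 message and a verdict."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    indicators = []

    # 1. Sender address not on the company's domain.
    from_domain = _domain_of_address(msg.get("From", ""))
    if not _is_org_domain(from_domain, org_domain):
        indicators.append(f"sender_domain_mismatch:{from_domain}")

    # Reply-To pointing somewhere other than the sender is a related sign.
    reply_to = msg.get("Reply-To")
    if reply_to and _domain_of_address(reply_to) != from_domain:
        indicators.append(f"reply_to_mismatch:{_domain_of_address(reply_to)}")

    # 2. Urgency language in subject or body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    haystack = f"{msg.get('Subject', '')}\n{text}"
    for pattern in URGENCY_PATTERNS:
        match = re.search(pattern, haystack, re.IGNORECASE)
        if match:
            indicators.append(f"urgency_language:{match.group(0).lower()}")
            break

    # 3. Links that lead outside the organisation.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if not _is_org_domain(host, org_domain):
            indicators.append(f"external_link:{host}")

    return {"indicators": indicators, "suspicious": len(indicators) >= 2}


# Constructed sample resembling the lure described in the article.
PHISHING_SAMPLE = """\
From: HR Department <hr-team@hr-survey-portal.test>
To: employee@example-corp.test
Subject: Mandatory self-evaluation form
Content-Type: text/plain; charset="utf-8"

Dear colleague,

Please complete your self-evaluation form by the end of the day:
http://hr-survey-portal.test/self-evaluation

HR Department
"""

# Constructed benign HR message for comparison.
LEGIT_SAMPLE = """\
From: HR Department <hr@example-corp.test>
To: employee@example-corp.test
Subject: Performance review schedule
Content-Type: text/plain; charset="utf-8"

Hi,

Annual review meetings start next month. Details are on the intranet:
https://intranet.example-corp.test/reviews

HR Department
"""

if __name__ == "__main__":
    print(assess_email(PHISHING_SAMPLE))
    print(assess_email(LEGIT_SAMPLE))
```

The verdict threshold of two indicators is deliberate: a single external link or a single urgent phrase is common in legitimate mail, while the combination described in the campaign trips all three checks. The script does not inspect the linked form itself, so the credential fields at the end of the questionnaire still need a separate check (for example, a mail gateway that follows the link in a sandbox).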
Security expert Roman Dedenok at Kaspersky advises corporate employees to exercise caution when receiving such emails, especially those resembling HR communications. He emphasizes the importance of verifying the authenticity of unsolicited self-evaluation requests directly with the HR department.
Kaspersky recommends the following measures to protect data from phishing attacks and leaks:
- Be cautious of messages from unknown senders.
- Use strong and unique passwords for messaging app accounts.
- Verify the authenticity of links before clicking.
- Enable two-factor authentication for added security.
- Utilize reliable security solutions such as Kaspersky Premium to protect devices from various threats.