New Phishing Scam Uses HR Email Look-A-Like To Fool Employees

There is no shortage of the number of cybercriminals who want to separate companies and their employees from their cash. No matter how intelligent or diligent you are when it comes to email and other online scams, anyone can fall victim to them. Cybercriminals are clever and are able to concoct elaborate phishing scams just so they can steal your hard earned money.

Beta News reported last week the latest scams involve attacks in which would-be thieves will obtain employee-specific information. They do this by sending emails that look like legitimate internal email communications from their HR department.  

While posing as HR staff members, these criminals have been able to fool workers into giving up banking details by requesting that the employee logs into a private portal where their personal and account information is entered. On the surface, these portals may appear legitimate, complete with company logos, but behind the scenes, these sites are going to phishing sites where this information can be used to gain access to their banking information.

Last year, the problem was so widespread and coincided that the Internal Revenue Service ran a public information campaign. Since the scams were coinciding with tax season or at the time of year that most companies have their annual benefits enrollments, federal and state governments along with a number of companies advised their workers to submit suspicious emails discussing HR topics to their IT departments to check for legitimacy. They also suggest only dealing directly to their company’s HR department to disclose financial and identity information with HR staff face to face.

The email security firm, Vade Secure, offers additional ways to help workers avoid being taken advantage of in such spear phishing attacks on their website.