[Heads Up] Scam Of The Week: Phishing Attacks Using Better Benefits And Pay Raise Bait

benefits-4Millions of employees use KnowBe4's Phish Alert Button to report suspect emails, and thousands of organizations share these reports with us. This has become a fascinating threat source, because these phishy emails have made it through all the filters. We see pretty much real-time what the bad guys are up to and which campaigns are live in the wild. So here is the latest Scam Of The Week.

Bad guys are now capitalizing on the benefits election/enrollment season and the yearly pay raise process which usually gets effective Jan 1st. These criminals are still improving their game, these benefits and pay-themed phishing emails are not quite as convincing as the recent tax-themed phishing attacks.

However, you and your users need to be aware of the pay raise and benefits enrollment phishes that have been reported to us by customers using the Phish Alert Button (PAB) over the past several weeks, most of which are front doors to credentials phishes. Some of these are simply bad, but some are quite creative and take the shape of a personalized benefits survey. Here is an example:


Another form is a phish where your users are invited by their "HR department" to check out their pay increase "as part of a larger organization-wide effort to raise salaries".  The phish has a link that leads to a credentials phishing landing page but looks like a sharepoint document. 

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: 

ALERT: Internet criminals are now sending phishing attacks related to benefits enrollment and potential pay raises. So, when you get any email or perhaps even a robo-call from "HR" about your "2020 benefits" or "next year pay raise", do not click or open any attachments, but report these suspects email to the IT department. In case you have questions about your benefits or pay, pick up the phone call the HR department using the regular, correct extension.

NEVER click on any link in these emails, or "reply" and attach personal information because both the "From" and the "Reply" email address may be spoofed and you would send confidential information to criminals. Think Before You Click.

Let's stay safe out there.

Warm regards,

Stu Sjouwerman,

Founder and CEO, KnowBe4, Inc.


Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews