Bad guys are now capitalizing on the benefits election/enrollment season and the yearly pay raise process which usually gets effective Jan 1st. These criminals are still improving their game, these benefits and pay-themed phishing emails are not quite as convincing as the recent tax-themed phishing attacks.
However, you and your users need to be aware of the pay raise and benefits enrollment phishes that have been reported to us by customers using the Phish Alert Button (PAB) over the past several weeks, most of which are front doors to credentials phishes. Some of these are simply bad, but some are quite creative and take the shape of a personalized benefits survey. Here is an example:
Another form is a phish where your users are invited by their "HR department" to check out their pay increase "as part of a larger organization-wide effort to raise salaries". The phish has a link that leads to a credentials phishing landing page but looks like a sharepoint document.
I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:
ALERT: Internet criminals are now sending phishing attacks related to benefits enrollment and potential pay raises. So, when you get any email or perhaps even a robo-call from "HR" about your "2020 benefits" or "next year pay raise", do not click or open any attachments, but report these suspects email to the IT department. In case you have questions about your benefits or pay, pick up the phone call the HR department using the regular, correct extension.
NEVER click on any link in these emails, or "reply" and attach personal information because both the "From" and the "Reply" email address may be spoofed and you would send confidential information to criminals. Think Before You Click.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc.