ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act quickly to see if they’ve actually lost their job.
If a user falls for the attack, they’ll be tricked into downloading malware or handing over their login credentials.
“Social engineering tactics used in phishing aim to create a sense of urgency in the victim, so that they act without thinking things through first,” the researchers write. “And you can’t get more urgent than a notice informing you that you have been dismissed. It could arrive in the form of an email from HR, or an authoritative third-party outside the company.
It may tell you that your services are no longer required. Or it may claim to include details about your colleagues that are too hard to resist reading. The end goal is to persuade you to click on a malicious link or open an attachment, perhaps by claiming that it includes details of severance payments and termination dates.”
ESET says users should be on the lookout for the following red flags associated with phishing attacks:
- An unusual sender address that doesn’t match the stated sender. Hover your mouse over the “from” address to see what pops up. It may be something completely different, or it could be an attempt to mimic the impersonated company’s domain, using typos and other characters (e.g., m1crosoft[.]com, @microsfot[.]com)
- A generic greeting (e.g., ‘dear employee/user’), which is certainly not the tone a legitimate termination letter would take
- Links embedded in the email or attachments to open. These are often a tell-tale sign of a phishing attempt. If you hover over the link and it doesn’t look right, all the more reason not to click
- Links or attachments that don’t open immediately, but request you to enter logins. Never do so in response to an unsolicited message
- Urgent language. Phishing messages will always try to rush you into making a rash decision
- Misspellings, grammatical or other mistakes in the letter. These are becoming rarer as cybercriminals adopt generative AI tools to write their phishing emails, but they’re still worth looking out for
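Three of these red flags (lookalike sender domain, generic greeting, urgent language) can also be checked automatically at a mail gateway or in a triage script. The sketch below is an added example, not code from ESET or KnowBe4; the trusted-domain list, the keyword patterns and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organization legitimately expects HR mail from.
TRUSTED = {"microsoft.com", "example-corp.test"}
DIGIT_SWAPS = str.maketrans("01357", "oiest")  # digit-for-letter swaps, e.g. m1crosoft
GENERIC = re.compile(r"^\s*dear\s+(employee|user)\b", re.I | re.M)
URGENT = re.compile(r"\b(immediately|urgent|within 24 hours|effective today)\b", re.I)

def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (sfot -> soft) as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED:
        return None
    folded = domain.translate(DIGIT_SWAPS)
    return next((t for t in sorted(TRUSTED) if osa_distance(folded, t) <= 1), None)

def red_flags(raw):
    """List the red flags found in one single-part, plain-text message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()
    target = lookalike_of(domain)
    checks = [
        (f"lookalike-domain:{domain}~{target}", target),
        ("generic-greeting", GENERIC.search(body)),
        ("urgent-language", URGENT.search(body)),
    ]
    return [label for label, hit in checks if hit]

# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: HR Department <hr@microsfot.com>

Dear employee,
Your employment ends effective today. Open the severance details immediately.
"""
```

A distance threshold of 1 keeps false positives low but will miss lookalikes that differ by more than one edit, so treat a clean result as the absence of these specific flags rather than as proof that a message is legitimate.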
Going forward, be on your guard for AI-aided schemes where scammers could use deepfake audio and video likenesses of actual people (that of your boss, perhaps) to trick you into giving up confidential corporate information.
ESET has the story.