The phishing site appears to be a simple login portal that doesn’t attempt to imitate any well-known sites. Employees are asked to enter their username, password, and email address, in order to receive an email with additional instructions. If they enter their credentials, the attackers receive the information, and the attack concludes.
Performance Review Phishbait Is A New Angle Of Attack
SecurityIntelligence notes that attackers often use corporate-focused phishing attacks to gain access to businesses. Similar attacks include spearphishing with fake invoices, malicious links contained in SharePoint files, and HTML attachments posing as voicemail notifications. Performance review phishbait is a little out-of-the-ordinary, although not unheard of, and the urgency of completing such reviews on time can rush the unwary into swallowing a hook they might otherwise spit.
Employees need to be extremely careful about where they enter their credentials, and they need to report potential phishing attacks even if they’ve already fallen for them. New-school security awareness training can ensure that your employees are watching out for these attacks.
I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:
ALERT: Bad guys are sending phishing emails trying to get you worried about "your performance review". However, they are trying to steal your username and password. These low-lifes pose as HR and send you an email with a link to a bogus website where they try to trick you into filling out a login screen so that you can "receive the information" about your performance review. It's a nasty trick trying to get you to worry about your job. Don't fall for it and Think Before You Click.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc.