As schools are beginning to wrap up for the season, criminals are taking advantage of employees planning their summer holidays. Hackers are using phishing emails that appear to come from human resources to steal employee credentials in a new summer-themed campaign. The emails are very convincing in some ways but still reveal some red flags employees should be able to identify.
The new phishing campaign asks employees to confirm the dates they will be out of the office with an ‘Annual Vacation Approval’ email. The email title mentions 2023, but the URL says 2022, and the email address does not match the corporate email, both of which should set off alarm bells. However, the phishing campaign also color codes employees to appear as if it is following a company structure. The URL in the email also uses generic business terms like ‘staff’ and ‘folderaccounts’ to appear to be part of a large corporate structure.
The landing page for the phishing attack is high quality and matches the employee’s company, but it’s clear the URL is not the same as the original email. Employees should be aware of the themes of phishing attacks we are seeing in the wild as well as the warning signs an attack like this presents.
At the same time, hackers are using the upcoming summer holiday to attack consumers looking for travel deals. Travel this year will be more expensive than in previous years due to inflated prices in the leisure category. Hackers follow the news and set up lures to target travelers searching for a bargain. Many of the phishing sites feature offers too good to be true and are seeking to steal credentials or simply money, asking consumers to pay hundreds or thousands of dollars for reservations to fake businesses.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
