Don’t trust the next mail you get from HR, it might be a scam
Hackers have found an ingenious way of getting to you, through mails from HR. So better pay attention to all those mails from the HR department.
We all get mails from the HR department at least once every day, and mostly we tend to ignore them. But scammers are trying to make the most of that these days. As found by the research and security firm Cofense, scammers are trying to steal your office credentials as part of a phishing campaign masquerading as emails from the 'HR Department'. This widespread scam is reportedly targeted at employees who are working from home during the lockdown phase.
The mail apparently tricks them into giving away their login details by making them fill a remote working enrolment form.
As per Cofense, the hackers are exploiting Microsoft's Sway application to get the target employee's credentials. For those unaware, Sway is a free-to-use application that lets employees create newsletters or presentations and is used widely by professionals on a daily basis. Attackers are using it to send emails with convincing subject lines like 'Employee Enrolment Required' or 'Remote Work Access' that claim to have come from 'Human Resources'.
The link in the mail for filling out the form takes you to the phishing site, where the credentials can be stolen and possibly sold in the future. According to Cofense, since scammers often use legitimate domains and URLs, "these campaigns remained undetected for longer periods of time, likely leading to a higher number of compromised account credentials."
Once the employee fills in the form, which asks for his/her email ID and password, and clicks on 'Submit', the login details are sent to the threat actor.
Cofense recommends that employees read such mails carefully before clicking on malicious links. Users can hover the mouse pointer over the link to see where it actually leads.
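The hover check and the lure details above can also be applied by a mail-triage script. The following is an added example, not code from Cofense or from this article; `ORG_DOMAIN`, the `example.*` hosts and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: the recipient organisation's own mail domain
LURE_SUBJECTS = ("employee enrolment required", "remote work access")  # from the article
LURE_SENDER = "human resources"  # display name the article says the mails claim

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message):  # returns the reasons a message deserves a closer look
    msg, findings = message_from_string(raw_message), []
    name, addr = parseaddr(msg.get("From", ""))
    external = addr.rpartition("@")[2].lower() != ORG_DOMAIN
    if LURE_SENDER in name.lower() and external:
        findings.append("HR display name on external address " + addr)
    if any(s in msg.get("Subject", "").lower() for s in LURE_SUBJECTS):
        findings.append("subject matches reported lure")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in collector.links:  # the scripted form of hovering over a link
        shown = urlparse(text).hostname if "://" in text else None
        actual = urlparse(href).hostname
        if shown and actual and shown != actual:
            findings.append(f"link shows {shown} but opens {actual}")
    return findings

# Constructed sample message, not taken from the campaign
SAMPLE = (
    "From: Human Resources <hr@mail.example.org>\n"
    "Subject: Employee Enrolment Required\n"
    "Content-Type: text/html\n\n"
    '<a href="https://forms.example.net/enrol">https://hr.example.com/enrol</a>\n')
```

The link comparison only fires when the visible text is itself a URL, and a page hosted on a legitimate service will not look suspicious by hostname alone, which is why the sender and subject checks are kept alongside it.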