Don’t trust the next mail you get from HR, it might be a scam | HT Tech

Don’t trust the next mail you get from HR, it might be a scam

Hackers have found an ingenious way of getting to you, through mails from HR. So better pay attention to all those mails from the HR department.

By: HT CORRESPONDENT
| Updated on: Apr 25 2020, 16:27 IST
Hackers have found an ingenious way of getting to you, through mails from HR. So better pay attention to all those mails from the HR department.
Hackers have found an ingenious way of getting to you, through mails from HR. So better pay attention to all those mails from the HR department. (Pixabay)

We all get mails from the HR department at least once every day, and mostly we tend to ignore them. But scammers are trying to make the most out of it these days. As found by the research and security firm Cofence, scammers are trying to steal your office credentials as a part of a phishing campaign masquerading as emails from the 'HR Department'. This widespread scam is reportedly targeted at employees who are working from home during the lockdown phase.

The mail apparently tricks them into giving away their login details by making them fill a remote working enrolment form.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

Also read: Beware! WhatsApp hack that lets attackers gain easy access to your account is back

Also read
Looking for a smartphone? To check mobile finder click here.

As per Cofence, the hackers are exploiting Microsoft's Sway application to get the target employee's credentials. For those unaware, Sway is a free to use application that lets employees create newsletters or presentations and is used widely by professionals on a daily basis. This is being used by attackers to send emails with convincing subject lines like 'Employee Enrolment Required' or 'Remote Work Access' that claim to have come from 'Human Resources'.

The link inside the mail for filling out the form is what takes you to the fake phishing site, where the credentials can be stolen and possibly sold in future. According to Cofence since scammers often use legitimate domains and URLs "these campaigns remained undetected for longer periods of time, likely leading to a higher number of compromised account credentials."

Also read: Personal data of 23 million players of Webkinz children's game hacked

Once the employee fills the form that asks for his/her email ID and password and clicks on 'Submit', the log in details are sent to the threat actor.

Cofence recommends employees to read such mails carefully before clicking on malicious links. Users can hover the mouse pointer over the link to see where it is being redirected to.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 25 Apr, 16:17 IST
NEXT ARTICLE BEGINS
Not sure which Mobile to buy? Need help?