Beware of Phishing! Fake Self-Evaluation Targets Employees

March 28, 2024
10:54 am

Large companies typically conduct annual performance reviews, but what if you receive an email inviting you to take a self-evaluation outside the usual schedule? This could be a phishing scam!

The Bait: A Self-Improvement Opportunity

The scam email, disguised as an official HR communication, highlights the benefits of self-evaluation:

Candid dialogue with managers
Identifying strengths and weaknesses
Reflecting on career goals

This convincing message might lure employees eager for feedback and professional development.

Red Flags to Watch Out For

Despite the seemingly professional tone, some clues reveal the email’s true nature:

Mismatched Sender Email: The sender’s email address might not match your company’s domain. An unrelated organization name like “Family Eldercare” is a clear giveaway.
Urgency and Forcefulness: Phishing emails often pressure recipients with phrases like “COMPULSORY for EVERYONE” and “by End Of Day.” A legitimate evaluation wouldn’t use such forceful language.

The Trap: Stealing Login Credentials

If you click through the email and proceed with the “self-evaluation,” you might encounter seemingly relevant performance-related questions. However, the real motive is revealed at the end:

Request for Login Credentials: The final questions ask for your email address and password (disguised with asterisks) for “authentication.” This is a trick to steal your login information.

Why This Scam is Cunning

Phishing scams often take you directly to a fake login page, raising immediate suspicion. This scam, however, integrates the credential request within the “evaluation” form, potentially bypassing your guard after engaging with seemingly legitimate questions.

How to Stay Safe

Employee Awareness: Educate employees about the latest phishing tactics. Share informative resources like this blog post.
Security Training: Regular training programs (like the Kaspersky Automated Security Awareness Platform) can equip employees to identify and avoid phishing attempts.
Technical Safeguards: Implement security solutions with anti-phishing technology at the email gateway and on all work devices.

By combining employee awareness with technical security measures, you can significantly reduce the risk of falling victim to phishing scams.

DIGITAL TRANSFORMATION

Public, Hybrid and Private Cloud Services

Cloud Migration

Cloud Optimization

Managed Cloud Services

Devops Consulting Services

Backup & Disaster Recovery Services

Cloud Security

Data Centre Solutions

Network Solutions

Telephony Solutions

End User Computing

Service & project Management

NOC and SOC Services

IT Transformation Services

CYBER SECURITY SERVICES

Enterprise Security

Application Security

Network Security

Cloud Security

Managed Detection & Response

Cyber Security Trainings

Emergency Incident Response

Vulnerability Assesment & Pentesting

Quick Communication

Sudarshan

WEBSITE & APP DEVELOPMENT

DIGITAL TRANSFORMATION

Public, Hybrid and Private Cloud Services

Cloud Migration

Cloud Optimization

Managed Cloud Services

Devops Consulting Services

Backup & Disaster Recovery Services

Cloud Security

Data Centre Solutions

Network Solutions

Telephony Solutions

End User Computing

Service & project Management

NOC and SOC Services

IT Transformation Services

CYBER SECURITY SERVICES

Enterprise Security

Application Security

Network Security

Cloud Security

Managed Detection & Response

Cyber Security Trainings

Emergency Incident Response

Vulnerability Assesment & Pentesting

Quick Communication

Sudarshan

WEBSITE & APP DEVELOPMENT