2023-08-03 06:00:47
Phishing and scams pose one of the biggest risks for businesses during the summer, as cybercriminals trick employees into divulging sensitive information. These techniques include fake vacation management service pages designed to lure unsuspecting employees into their trap.
In summer, it is normal for many employees to be distracted by thinking about the long-awaited vacation. This is something that cybercriminals know very well, and they take advantage of it to obtain corporate credentials through phishing.
In fact, according to a recent study of Kaspersky on the attitude towards cyber security, carried out among a thousand Spaniards, reveals that the 58% have received attempted phishing attacksand 15.5% admit to having been deceived. For this reason, Kaspersky analyzes the main scams that circulate during the summer among the most clueless workers.
In this sense, the most common situation begins with an e-mail. The aim of the cybercriminals with this email is to get the user to click on the included phishing link. To carry out this technique, the attackers usually manipulate the victim and draw her attention, taking advantage of fear or curiosity to find out more than what said email informs.
Specifically, during the summer, cybercriminals use strategies such as the use of the vacation calendar, since many employees already have their plans organized to enjoy a few days off. However, cybercriminals can send emails posing as the HR team, alleging a sudden vacation rescheduling and requesting confirmation of new dates.
Fake email from RR. HH.
In these cases, experts stress that the most important thing is to resist the temptation to mindlessly click on the link to check vacation dates. Although it is also essential to make sure that the sender is not another employee of the company, or that the “HR director. H H.” The person who “sends” the email does not have a name and his signature does not match the company’s own corporate style.
Kaspersky warns that it is still possible to identify other signs of phishing on the attackers’ website. For example, the link provided in the email above redirects to an unreliable site.
Phishing site that steals credentials
If the user pays attention to the URL, they will notice that the file is not hosted on the company’s server, but on cloud services where anyone can rent a space. Also, the file name does not match the PDF name that was specified in the email. Of course, once the victim enters their password in the login window, it will be sent directly to the cybercriminals’ servers.
To reduce the likelihood that a company’s employees will encounter phishing emails, experts recommend:
Have a security solution that protects all aspects of corporate email. Have a security solution for endpoints in all devices connected to the Internet. Carry out regular employee awareness training about the latest cyber threats or, at the very least, keep them informed about potential phishing scams.
“Cybercriminals take advantage of any moment to cause damage to companies, but in summer, with thoughts set on vacations, it seems that this type of scam increases among the most clueless employees. For this reason, it is essential to carry out training for the teams and have cybersecurity solutions that keep the company’s data protected”concludes Marc Rivero, Senior Security Researcher at Kaspersky.
More information
#Cybercriminals #advantage #summer #holidays #defraud #employees