Kaspersky Lab experts have described a recently discovered method of corporate phishing. Attackers send an employee or organisation an email inviting them to take an assessment of knowledge and skills on a fake HR portal.
To do so, the victim is asked to log in to the site with their work username and password. The potential victim is given the impression that the assessment is a mandatory procedure and that they will receive a monetary reward for completing it successfully.
According to Tatyana Shcherbakova, senior content analyst at Kaspersky Lab, fraudsters use this method to gain access to corporate mail, which may contain customers' personal data.
Employees of large banks are regularly trained, tested and certified, so they can mistake a fake invitation for a real one. For this reason, the new phishing method threatens to take on a massive scale.
According to analyst Anton Bykov, several thousand corporate accounts could already have been hacked.
Sergey Terekhov, director of the Technoserv information security competence center, noted that the employees at risk in this case are those in banks' credit departments, whose mailboxes store client profiles.
New-school Security Awareness Training can train your users to be on the alert for those kinds of scams, then test their reactions to simulated phishing emails based on actual phishes used by real malicious actors in the wild.
With thanks to the Cyber Defence Alliance and ehackingnews.com. The full story is here: https://www.ehackingnews.com/2019/11/cyber-criminals-stealing-customer-data.html