As nightmare emails go, this is terrible. Definitely not an email you want to receive from a manager in your company’s HR department. And when the initial shock wears off, you may be left with a number of unexpected consequences.
We’ve all read about layoffs by text, by email, by groups. And so scanning your inbox and reading that “we regret to inform you that due to the strict tax imposition on our company, we are no longer able to maintain our current workforce. As a result, we have made the difficult decision to implement layoffs across the entire organization,” will hit hard. Just as it is intended to do.
Clearly a dangerous scam, the email tells you to “find attached the necessary documents regarding your dismissal and final salary payment analysis” leading to a malicious attachment that will steal your credentials. But this targets workplaces by their email domain, so those credentials could just as easily be used to break into your company’s systems as your own accounts.
Campaigns targeting organizations are out of control. According to one recent report, “phishing attacks targeting organizations in Europe increased by 112.4% from April 2023 to April 2024. Meanwhile, US organizations were not spared either, with phishing attempts increasing by 91.5% over the same period”.
Like everyone, I’m inundated with such phishing baits—and these are exactly the ones I see, the ones that get through the various spam filters. These emails seem easy to spot and ignore. But in my work I’m constantly reminded of the millions of hard-working people who can be shocked or deceived into clicking a link or opening an attachment and not realize it until it’s too late.
As for this particular campaign, it’s clearly a work in progress. I have been targeted three times in a fortnight. HR campaigns like this are on the rise. “Employees are always on the lookout for any updates from their HR department,” warned a blog late last year. “Scammers pretend to be HR representatives and send malicious emails with links to phishing sites or attachments that can download malware… We’ve seen a noticeable increase in malicious HR spam.”
An HR report last month warned workers that “Fake HR-related emails are one of the most common methods used by fraudsters to carry out cyber-attacks on organizations worldwide.” About half of all phishing lures clicked on by employees in the tests involved HR issues. Often these are benign, holiday-related or similar. But a nasty redundancy email will find its sensitive audience.
So if you receive an email from your company’s HR department, always quickly check that the sender’s email has your company’s usual domain — it’s clearly easier if your company operates a secure system for flagging external mail.
And then if something doesn’t add up, be sure to delete it immediately.
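The sender-domain check and external-mail flagging described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article: the domain `corp.example`, the keyword list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "corp.example"  # assumption: placeholder for your company's mail domain
HR_THEME = re.compile(r"\b(hr|human resources|layoffs?|dismissal|salary|termination)\b")

# Constructed sample modelled on the lure described above (not a real message).
SAMPLE_LURE = """\
From: "HR Department corp.example" <hr-notice@corp-example.mail.test>
To: employee@corp.example
Subject: Notice of dismissal and final salary payment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Find attached the necessary documents regarding your dismissal.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="dismissal.html"

<html></html>
--b1--
"""

def triage(raw, org_domain=ORG_DOMAIN):
    """Return warning flags for one raw message, judged by its From header.

    The From header can be forged, so this complements SPF/DKIM/DMARC
    enforcement at the gateway; it does not replace it.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # External = neither the org domain itself nor one of its subdomains.
    if domain == org_domain or domain.endswith("." + org_domain):
        return []
    flags = ["external-sender"]
    hr_themed = bool(HR_THEME.search((name + " " + msg.get("Subject", "")).lower()))
    if hr_themed:
        flags.append("hr-theme-from-outside")
    if org_domain in name.lower():
        # The display name shows the company domain, the real address does not.
        flags.append("display-name-claims-org-domain")
    if hr_themed and any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        flags.append("hr-theme-with-attachment")
    return flags
```
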