If you get an email from the human resources (HR) department, just make sure it’s legitimate before opening, because fake HR emails is one of the most common tactics deployed by cybercriminals, experts have warned.
This is one of the conclusions echoed in KnowBe4’s latest report on phishing, which found the trend of impersonating the HR department is holding steady. The emails could be about dress code changes, different training notifications, vacation updates, or pretty much anything else.
“These are effective because they may cause a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday,” the company warned.
HR emails aside, some hackers will also draft phishing emails related to the holiday season or other seasonal events. Four out of five top holiday email subjects for the quarter were related to Halloween. Finally, emails around IT and online services notifications, as well as those related to taxes always seem to work well.
Phishing is an extremely popular, and hence frequent, first step in a hacking attack. Virtually everyone has at least one email address, and sending messages in bulk is cheap. Also, many people are inclined to click a link in an email, or download an attachment without particular scrutiny. In fact, KnowBe4 says that nearly one in three users are likely to click on a suspicious link or comply with a fraudulent request.
They might trust the source of the email (without double-checking if someone is impersonating an individual or a person of trust), or might react in haste due to the sense of urgency almost always present in phishing emails.
As usual, users are advised to use a reputable email service, deploy email protection tools, and use common sense when clicking on links and downloading attachments.
More from TechRadar Pro
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.