Watch out - that 401K statement could be a scam to steal your company logins


Cybersecurity researchers have warned of an uptick in phishing emails targeting people’s employee credentials.

Experts from Cofense have detected a rise in phishing emails in which threat actors impersonate their victims’ Human Resources department. The email warns of an important upcoming plan update or an increase in 401k contributions.

401k is a popular personal pension account plan in the United States, sponsored by the user’s employer. Sometimes, employees contribute to the plan directly from their paycheck, and their employer matches the contribution.

Fake 401k alerts

In the phishing email, the attackers share a link to a fake login page designed to steal the victim’s credentials. In some cases, the emails come without a link, so as not to trigger email security solutions that could filter them to the spam folder. Instead, the attackers embed a QR code, which most email security solutions neither scan nor treat as potentially malicious.

Furthermore, the victims are invited to scan the code with their smartphones, which rarely come with proper anti-phishing protection.

While phishing emails around 401k plans are popular, they are not the only topic, Cofense’s researchers added. Other email topics include open enrollment, surveys, and salary restructuring communications.

Open enrollment allows employees to enroll in health insurance or retirement plans, and is usually a hot topic towards the end of the calendar year.

Employees take these messages very seriously, as failing to enroll before the deadline could mean a loss of eligibility for some benefits until the next enrollment round.

As usual, the best course of action is to apply common sense and always be careful when receiving email messages. Everyone should be mindful of the sender’s address; any spelling, grammar, or language discrepancies in the email; links and attachments; and finally, messages that are “urgent” or too good to be true.
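The checklist above can be partly automated in a mail-triage step. The script below is an added example written for this article, not code from Cofense, BleepingComputer or TechRadar. Using only Python's standard library, it parses two constructed messages (an HR-themed lure and a benign internal notice) and reports the indicators the article names: a sender outside the organisation's domain, a Reply-To that differs from the From address, urgency language in the subject, link text that shows one host while the href points to another, and an inline image paired with an invitation to "scan" (the QR-code variant). `INTERNAL_DOMAIN`, the sample messages and every address and host in them are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation's own mail domain. HR mail from anywhere else is suspect.
INTERNAL_DOMAIN = "company.example.com"

URGENCY_WORDS = ("urgent", "action required", "deadline", "immediately", "final notice")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")

# Constructed lure: external sender, mismatched Reply-To, urgent subject, a link whose
# visible text differs from its target, and an inline image the body asks you to scan.
LURE_EML = """\
From: "HR Benefits Team" <benefits@hr-update-portal.example.net>
Reply-To: collect@another-host.example.org
To: employee@company.example.com
Subject: URGENT: action required - 401k contribution change before deadline
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your 401k plan update must be confirmed before the deadline.</p>
<p>Sign in here: <a href="http://login.hr-update-portal.example.net/sso">https://sso.company.example.com</a></p>
<p>Or scan the code below with your phone.</p>
<img src="cid:qr001">
</body></html>
--B1
Content-Type: image/png; name="qr.png"
Content-Disposition: inline; filename="qr.png"
Content-ID: <qr001>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--B1--
"""

# Constructed benign notice from the internal HR domain, for contrast.
BENIGN_EML = """\
From: "HR Benefits Team" <benefits@company.example.com>
To: employee@company.example.com
Subject: Open enrollment reminder
Content-Type: text/html; charset="utf-8"

<html><body><p>Open enrollment closes on the date posted on the intranet.
Visit <a href="https://benefits.company.example.com/">https://benefits.company.example.com/</a>.</p></body></html>
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: str) -> dict:
    """Return the phishing indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    if from_dom and from_dom != INTERNAL_DOMAIN:
        findings.append(f"sender domain {from_dom!r} is outside {INTERNAL_DOMAIN!r}")

    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {_domain(reply_addr)!r} differs from From domain")

    subject = str(msg.get("Subject", "")).lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append(f"urgency language in subject: {hits}")

    # Collect the HTML body and count image parts (where a QR code would live).
    html, image_parts = "", 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()
        elif part.get_content_maintype() == "image":
            image_parts += 1

    # Visible link text that is itself a URL must point at the same host as the href.
    for href, text in ANCHOR_RE.findall(html):
        shown = TAG_RE.sub("", text).strip()
        if shown.lower().startswith(("http://", "https://")):
            shown_host, real_host = urlparse(shown).hostname, urlparse(href).hostname
            if shown_host != real_host:
                findings.append(f"link text shows {shown_host!r} but points to {real_host!r}")

    body_text = TAG_RE.sub(" ", html).lower()
    if image_parts and re.search(r"\bscan\b", body_text):
        findings.append(f"{image_parts} image part(s) plus an invitation to scan: possible QR-code lure")

    return {"sender": from_addr, "findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for label, raw in (("lure", LURE_EML), ("benign", BENIGN_EML)):
        result = triage(raw)
        print(f"{label}: score {result['score']} from {result['sender']}")
        for f in result["findings"]:
            print("  -", f)
```

The score is a count of independent indicators rather than a verdict; a real gateway would weight them and, for the QR case, decode the image and submit the embedded URL to the same link checks it applies to anchors.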

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.