The email looks like a simple enough letter from Human Resources (HR) outlining the company’s new Rules of Conduct. With increasing global diversity at workplaces, concerns over harassment are taken more seriously. And with remote work becoming the new normal, companies are revising their employment and workplace guidelines.
The HR department is mandated to follow up. And because of that, while one must read through the entire guidelines, for many employees clicking through and approving them feels like an easier task, something that they can get out of the way without having to look into it too deeply.
According to Duklin, even if a message looks innocent at first sight, it’s worth a second look to check for suspicious-looking email addresses, spelling mistakes, or inconsistencies in the terminology.
Clicking on a subject link that addresses tax documentation for work purposes has become a no-questions-asked routine. Most employees simply want to know how long it will be for their forms to come in so that they can file their returns accordingly. It’s one of those ‘necessary evils’ that the world has learned to accept, according to Duklin.
The research team at Sophos was surprised to see this trick so high up on the list of phishing threats because they assumed that most people are likely to ignore messages from the IT department. However, with more people working from home, the status quo is changing.
Employees want to know when an outage is likely to occur so that they can plan their lives around it.
The IT department homes in on whatever productivity scheduling application is used in-house, from Slack to Asana, just as genuine threat actors would, so that the email doesn’t obviously stand out as bogus.
A new way to organise your email, or anything that makes daily communication easier, is usually welcomed by employees, which makes a new email system test email the easiest way to reel them in.
First off, who doesn’t want to know if there’s been a change in the way that they can take vacation days? Second of all, the email doesn’t stand out because many companies are genuinely shifting their policies in the wake of remote work and the coronavirus pandemic.
This applies mostly to users in the US who have automated systems to alert them when they’ve left their car lights on.
This trick isn’t specific to the COVID-19 pandemic, but was a well-established phishing method even in the old world. Shopping online has become all too common, and if a package isn’t going to get delivered, recipients want to know about it right away.
The reason most employees click through an email is that, somewhere, it makes sense that a ‘secured’ document would probably require an extra step or two. The problem is that it can lure employees into submitting their passwords to false platforms or adjusting the security settings on their devices.
Before submitting your password anywhere new, it’s best to check in with IT, or whichever department is concerned, first to ensure that it’s not a phishing attempt.
For employees, this takes the form of a LinkedIn notification since that is the most widely used professional platform. LinkedIn is also enjoying supremacy in the time of COVID-19, with more people on the lookout for new jobs.
In case you do spot a suspicious phishing email in your inbox, reporting it to your company’s security or IT team will, at best, keep your account from getting hacked and, at worst, show your company that you have the cybersecurity smarts.
Copyright © 2023. Times Internet Limited. All rights reserved. For reprint rights: Times Syndication Service.