Fake 401K year-end statements used to steal corporate credentials

January 10, 2024 at 01:37PM

Cybercriminals are using tactics such as fake 401(k) notices, open enrollment communications, and salary adjustment messages to steal employees’ credentials. Phishing emails are still making their way into employees’ inboxes despite organizations’ robust email security solutions, and large enterprises are particularly targeted. Cofense advises coordinating and educating personnel to mitigate these attacks and recommends avoiding QR codes in legitimate business communication.

The key takeaways are:

– Threat actors are targeting employees’ credentials using phishing emails related to personal pension accounts, salary adjustments, and performance reports.
– Cybercriminals send bogus 401(k) notices, open enrollment communications, surveys, salary restructuring communications, and fake employee satisfaction surveys to trick employees into disclosing their credentials.
– Cofense warns that the use of QR codes in phishing emails has increased; the codes lead recipients to fake login pages designed to steal credentials.
– Defense tips include scheduling HR communications, educating personnel about phishing attempts, and avoiding the use of QR codes in legitimate business communication.
