1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Watch out - that 401K statement could be a scam to steal your com

    From TechnologyDaily@1337:1/100 to All on Thu Jan 11 17:15:05 2024
    Watch out - that 401K statement could be a scam to steal your company logins

    Date:
    Thu, 11 Jan 2024 17:02:29 +0000

    Description:
    Hackers are impersonating HR departments and fake 401K statements to get people to share their company login credentials.

    FULL STORY ======================================================================

    Cybersecurity researchers have warned of an uptick in phishing emails targeting peoples employee credentials.

    Experts from Cofense have detected a rise in phishing emails in which threat actors impersonate their victims Human Resources department. In the email,
    the attackers are warning of an important upcoming plan update or an increase in 401k contributions.

    401k is a popular personal pension account plan in the United States, sponsored by the users employer. Sometimes, employees contribute to the plan directly from their paycheck, which is then matched by their employers. Fake 401k alerts

    In the phishing email, the attackers share a link to a fake login page, designed to steal the victims credentials. In some cases, the emails come without a link, in order not to trigger email security solutions that could filter them to the spam folder. Instead, the attackers would embed a QR code, which most email security solutions dont scan and dont consider potentially malicious.

    Furthermore, the victims are invited to scan the code with their smartphones, which rarely come with proper anti-phishing solutions.

    While phishing emails around 401k plans are popular, they are not the only topic, Cofenses researchers added. Other email topics include open
    enrollment, surveys, and salary restructuring communications.

    Open enrollment allows employees to enroll in health insurance or retirement plans, and is usually a hot topic towards the end of the calendar year.

    Employees take these messages very seriously, as failing to enroll before the deadline could mean a loss of eligibility for some benefits until the next enrollment round.

    As usual, the best course of action would be to deploy common sense and
    always be careful when receiving email messages. Everyone should be mindful
    of the senders address, any spelling, grammar, or language discrepancies in the email, links and attachments and finally, messages that are urgent or too good to be true.

    Via BleepingComputer More from TechRadar Pro What is phishing and how dangerous is it? Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-that-401k-statement-could-be- a-scam-to-steal-your-company-logins


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)