Skip to main content


Threat Actors Taking Advantage of Open Enrollment, 401K Updates, and other Timely HR Initiatives

12 styczeń 2024

Threat actors are using employee’s annual responsibilities like open enrollment, 401k updates, salary adjustments, and even employee satisfaction surveys as lures to steal credentials. Most of these responsibilities tend to fall towards the end of the year, which is subjective to the calendar the employer uses. Employees typically expect, and in some cases, look forward to receiving notifications and even emails at least once a year that fall into these categories. This makes social engineering attacks that use these types of lures extra deceptive since employees often expect to interact with emails. This report brings awareness to these types of social engineering lures by highlighting a few examples of phishing emails found in the inboxes of intended targets.

Employees often anticipate or even look forward to receiving annual updates like the ones covered in this report. It’s important that organizations have a consistent schedule so employees know when to expect these types of notifications, but it’s equally important that employees are made aware of how these updates can be used maliciously. These tasks generate emotions for employees whether they are considered extra work, an exciting change in finances or benefits, or even a task to be completed urgently. This added emotion can cloud even the most well-trained employee’s judgment when it comes to phishing emails. The examples in this report use many different tactics to force employee interaction like QR codes, malicious attachments, or just the common phishing link. Regardless of the tactics, all the emails below reached their intended targets with nothing left to prevent credentials from being stolen except for the employees’ education on phishing attacks...Read More!