Make sure that email from HR is legit - it could be another phishing scam

HR topics are increasingly popular among hackers engaged in phishing

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you get an email from the human resources (HR) department, just make sure it’s legitimate before opening, because fake HR emails is one of the most common tactics deployed by cybercriminals, experts have warned.

This is one of the conclusions echoed in KnowBe4’s latest report on phishing, which found the trend ofimpersonatingthe HR department is holding steady. The emails could be about dress code changes, different training notifications, vacation updates, or pretty much anything else.

“These are effective because they may cause a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee’s personal life and professional workday,” the company warned.

Halloween mails

HR emails aside, some hackers will also draft phishing emails related to the holiday season or other seasonal events. Four out of five top holiday email subjects for the quarter were related to Halloween. Finally, emails around IT and online services notifications, as well as those related to taxes always seem to work well.

Phishing is an extremely popular, and hence frequent, first step in a hacking attack. Virtually everyone has at least one email address, and sending messages in bulk is cheap. Also, many people are inclined to click a link in an email, or download an attachment without particular scrutiny. In fact, KnowBe4 says that nearly one in three users are likely to click on a suspicious link or comply with a fraudulent request.

They might trust the source of the email (without double-checking if someone is impersonating an individual or a person of trust), or might react in haste due to the sense of urgency almost always present in phishing emails.

As usual, users are advised to use a reputable email service, deploy email protection tools, and use common sense when clicking on links and downloading attachments.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics