Social Engineering: We Were Targeted!
January was a busy month for hackers and social engineers! We have a couple VERY targeted examples that hit our team. We knew what was happening right away but saved some examples so we can tell you what to look for.
The first one was an email (odd sender) from the HR-Management Desk. It said that my payroll expense report will be reimbursed on my next paycheck dated on the 1099 form (a mix of payment vehicles). All I had to do was fill in and complete the form and submit it to a specific email. The email address ended in our Syscon domain, but it was not a valid email ‘person’ for us. It said this was an automated message so the inbox wasn’t monitored. If I had any questions or to fill in the form, I could use the barcode (it was a QR code) or submit an ‘enquiry’ to HR. It even had our blue logo in the body of the email! To really spice it up, it asked how their service was, had an important reminder, and even referenced an IRS Circular document.
What would your team have done? Would they have sent each other a few Teams messages to find out what was going on? Would they have warned each other? What regular warnings and tips have you shared with YOUR team members? Perhaps this is a good place to start! -CMW