HR-related Phishing Scams Are on the Rise: Stay Alert!

HR-related phishing scams

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

September 1, 2021

Phishing scams related to COVID-19 were everywhere last year. Fortunately, those have dropped off significantly in 2021. This is most likely because of user awareness: People now recognize them as either suspicious or downright fraudulent. Last week, the cybersecurity pros at KnowBe4 put out a quarterly report detailing the types of phishing scams users are falling for most these days. One genre that has seen a significant spike in recent months is the HR-related phishing scam. And it makes sense: People are returning to their offices under new sets of policies and protocols. Some are starting new jobs altogether. An email claiming to be about an HR issue would seem completely legitimate.


The subject lines that tricked us to click


Over the past 3 months, KnowBe4 looked at tens of thousands of email subject lines from simulated phishing tests. In the top 10, nearly all those clicked on were HR-related phishing scams.  Among the most clicked were messages with subjects lines like:

  • Vacation Policy Update
  • Dress Code Changes
  • ACH Payment Receipt
  • COVID-19 Remote Work Policy Update
  • Test of the [[company name]] Emergency Notification System

…and others.


Subject lines from messages reported by users


They also looked at the (purported) sender and subject lines of actual emails that security-savvy users turned in to their IT departments as seeming suspicious.  Things like:

  • (Appearing to be from) Zoom: Important Issue
  • Docusign: Lucile Green requests you to sign Mandatory Security Training documents
  • IT: Remote working missing updates
  • HR: Electronic Implementation of new HRIS

Fortunately, all of these raised red flags with staff.


Social media messaging: Be careful on LinkedIn!


For the last 3 years, LinkedIn users have led the way in clicks on phishing messages within social media. And it’s understandable; since LinkedIn is a professional network, messages sent through it have an automatic air of legitimacy. The obvious risk with this lack of concern is that many users have their accounts tied to their corporate email addresses. Employees should be warned to look carefully for the clues of a phishing scam before clicking on or responding to any message in LinkedIn.  Phishing messages from the other big social media giants, Facebook and Twitter, also occur, usually in the form of (fake) notifications and alerts.


Check it out for yourself


KnowBe4 has created a great infographic detailing their report, which you should download and post or circulate amongst your staff. The most popular phishing subjects clicked on within social media are laid out in a pie chart. And the Top 10 list of most clicked-on scam email subject lines found through their simulated phishing test – again, mostly HR-related –  will give you a good idea of the types of things you need to warn your employees about.  And finally, the list of most common “in the wild” (or self-reported, actual) email subjects are listed.  This infographic is a great visual tool for your staff’s security awareness training. Speaking of which, maybe now is the time for that cybersecurity refresher course you’ve been putting off for the past 18 months. Just some food for thought.

You May Also Like…

You May Also Like…


Translate »
Share This