Work emails are prime targets for cybercrime. This is because of the trust we place in the “internal” emails that we receive.
Have you ever gotten an email from your finance department requesting your bank information again, but it just seemed off? What about from the boss urgently telling you to transfer funds to cover an invoice? How about that QR code in the email from your HR department telling you there was an update to the handbook, and you should download it to see?
All of those are very bad situations. They can all be scammers trying to get you to put money in their pockets, whether it is by transferring funds or just by getting a virus-containing document installed on your device.
There was an incident that was reported to me by a client that had just this happen. HR sent them the QR code for them to scan with their phone and download the updated handbook. This never came from HR and COULD have been laden with a virus or other info stealer. The great news was it was a dud of a QR code. Nothing ever was downloaded or activated from the scan of the code. Lesson learned! It could have been a lot worse! Especially because they worked for a medical facility!
Why This Works
These phishing attempts are meant to impersonate coworkers or employers. They tend to be very effective because they rely on the trust factor. Scammers can spoof email addresses easily enough and make you think you are getting that email from your boss, finance department, or HR. They hope that you will not notice the VERY subtle differences.
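For whoever runs the mail system, the "subtle differences" can be checked by machine instead of by eye. The following is an added example, not part of the original post: it flags a From: header whose domain is a near miss of your real one, or whose display name claims an internal department while the address is external. The domain, department names, and sample headers are constructed for illustration.

```python
import re
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-clinic.org"  # constructed: replace with your real mail domain
# Constructed list of internal senders that scammers like to impersonate.
INTERNAL_NAME = re.compile(r"\b(hr|human resources|finance|payroll)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_from(header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(header)
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        # Passes this visual check only. The header itself can still be
        # forged, which is what SPF/DKIM/DMARC validation is for.
        return []
    warnings = []
    # One or two characters off the real domain, e.g. "1" for "l", "rn" for "m".
    if edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        warnings.append("lookalike-domain")
    # Display name says "HR" or "Finance" but the address is not ours.
    if INTERNAL_NAME.search(name):
        warnings.append("internal-name-external-domain")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed sample headers
        "HR Department <hr@example-clinic.org>",
        "HR Department <hr@examp1e-clinic.org>",
        "Finance Team <billing@freemail.example>",
        "Chris Smith <chris@partner.example>",
    ]
    for s in samples:
        print(f"{s!r:50} -> {check_from(s) or 'ok'}")
```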
After you interact with the emails, you are at greater risk as well. Opening an attachment can lead to ransomware. Clicking on the link could lead to leaked credentials. In the above QR code mishap, there could have been an app collecting information in the background for the scammer.
They are becoming harder and harder to spot as well. AI is making the grammar issues that used to raise flags almost disappear.
Ask me about more instances that we have seen. I am happy to tell you all the horror stories of hacks “gone right”.
The best thing you can do if you think you have been a victim of a scam like the ones above is to report it immediately to your IT office. Don’t think that it will just go away. It is so very important to make that report. If you don’t have an IT office, call a professional, such as WWDoT Computers, to help look at your device and make sure you are not harboring malware or spyware. An antivirus is not always the best at catching these types of things.
We are here to help. You should never feel alone!
As always, please feel free to reach out to us if you have any thoughts on this.
Stay Safe Out There!


