Beware of Phishing! Fake Self-Evaluation Targets Employees 

Large companies typically conduct annual performance reviews, but what if you receive an email inviting you to take a self-evaluation outside the usual schedule? This could be a phishing scam! 

The Bait: A Self-Improvement Opportunity

The scam email, disguised as an official HR communication, highlights the benefits of self-evaluation: 

  • Candid dialogue with managers 
  • Identifying strengths and weaknesses 
  • Reflecting on career goals 

This convincing message might lure employees eager for feedback and professional development. 

Red Flags to Watch Out For

Despite the seemingly professional tone, some clues reveal the email’s true nature: 

  • Mismatched Sender Email: The sender’s email address might not match your company’s domain. An unrelated organization name like “Family Eldercare” is a clear giveaway. 
  • Urgency and Forcefulness: Phishing emails often pressure recipients with phrases like “COMPULSORY for EVERYONE” and “by End Of Day.” A legitimate evaluation wouldn’t use such forceful language. 

The Trap: Stealing Login Credentials

If you click through the email and proceed with the “self-evaluation,” you might encounter seemingly relevant performance-related questions. However, the real motive is revealed at the end: 

  • Request for Login Credentials: The final questions ask for your email address and password (disguised with asterisks) for “authentication.” This is a trick to steal your login information. 

Why This Scam is Cunning

Phishing scams often take you directly to a fake login page, raising immediate suspicion. This scam, however, integrates the credential request within the “evaluation” form, potentially bypassing your guard after engaging with seemingly legitimate questions. 

How to Stay Safe

  • Employee Awareness: Educate employees about the latest phishing tactics. Share informative resources like this blog post. 
  • Security Training: Regular training programs (like the Kaspersky Automated Security Awareness Platform) can equip employees to identify and avoid phishing attempts. 
  • Technical Safeguards: Implement security solutions with anti-phishing technology at the email gateway and on all work devices. 

By combining employee awareness with technical security measures, you can significantly reduce the risk of falling victim to phishing scams. 

Leave a Reply

Technical Details of the Breach