Dec 31, 2022
If you have just started a new job, criminals may have their eyes set on you. You are unsure of how things operate at your new workplace, are anxious to create a good first impression, and want to be a team player. Therefore, if you get an email from a supervisor or a coworker asking for donations for a retirement or a surprise birthday party, you are likely to comply with the request.
According to Mike Flouton, you are a great target for a request that seems real and urgent and appears to come from the CEO, asking you to purchase gift cards. You are told to "keep it on the down low" because the gift cards will be a surprise reward.
You may also receive an email that appears to come from the IT department asking you to set up or change your password, or one that looks like it came from human resources asking for personal information. According to Ed Bishop, whose business focuses on defending against human error in security, new workers are a target because they are unfamiliar with the processes used in the workplace.
How do these thieves even know where you work? According to Flouton, in most situations it is because you told them when you posted your new job or promotion on LinkedIn or another social media site. From that point on, it is often quite simple to determine who else works there, along with the names of your boss and the CEO. Many businesses either publish their workers' names and email addresses on their company websites or use naming conventions for email accounts that are easy to figure out.
Additionally, new hires are just some of the people hackers target. Attackers may also collect automatic out-of-office replies to discover when workers will be gone and where they will be going; this information is important when impersonating a colleague.
According to a study conducted by Tessian in 2020 with a sample size of 2,000 professional employees, 43 percent of those who clicked on a phishing email did so because it seemed authentic. In addition, 41 percent of respondents said that it was because the email gave the impression that it was sent from a top executive.
Phishing is the practice of sending an email to many email addresses to elicit a response from one of the recipients. When someone has a specific target in mind, such as a new employee, they engage in spear-phishing.
So how can you determine whether an email or a request is genuine? Poor language, unusual wording, misspellings, or branding that isn't quite right are all red flags that should raise immediate suspicion. However, the impersonators are improving their skills. Here are some less apparent clues:
According to Flouton, one tactic used to trick people is called "typosquatting." For instance, a valid email address like [email protected] may be imitated by a lookalike such as [email protected] or [email protected]. It is easy to mistake a 0 for an O or to miss that the company's name is spelled slightly differently.
Criminals are well aware that rash choices are often bad choices.
Thieves often exploit gift cards; therefore, any request to purchase one on someone else's behalf should raise a warning signal. Gift cards may be found at most major retailers. It is a dead giveaway when the sender asks you to scratch off the security coating to expose the codes and send the codes to them.
Bishop notes that there are instances in which emails lack any of these telltale signs. What is the most effective strategy to protect oneself from falling prey? "Pause and reflect," Bishop advises. "Take a minute and a half to thoroughly examine the sender's email address and determine whether or not it corresponds to their display name."
Before taking any action, he recommends that you make an effort to contact the purported originator of the request via another method of communication to determine whether or not the request is genuine. Bishop claims that you won't get in trouble for checking anything twice. Again, take a moment to pause and consider the question: Would someone expect a brand-new worker to fulfill an urgent request?
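The two checks described above (a sender domain with a swapped or misspelled character, and a display name that does not correspond to the sender's address) can also be run automatically by a mail filter. The following Python is an added example, not part of the original article; the domain `acmeco.example`, the staff directory, the confusable-character table and the finding labels are all constructed assumptions.

```python
from email.utils import parseaddr

# Characters often swapped in lookalike domains (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold visually confusable characters so lookalikes compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted_domain, staff):
    """Return a list of findings for one From: header.

    staff maps a lower-cased display name to that person's real address.
    """
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain != trusted_domain:
        if skeleton(domain) == skeleton(trusted_domain):
            findings.append("lookalike-domain:character-swap")
        elif edit_distance(domain, trusted_domain) <= 2:
            findings.append("lookalike-domain:misspelling")
    expected = staff.get(display.strip().lower())
    if expected and expected != addr:
        findings.append("display-name-mismatch")
    return findings

# Constructed sample data for illustration.
TRUSTED = "acmeco.example"
STAFF = {"jane doe": "jane.doe@acmeco.example"}

if __name__ == "__main__":
    for hdr in ("Jane Doe <jane.doe@acmeco.example>",
                "Jane Doe <jane.doe@acmec0.example>",
                "IT Helpdesk <helpdesk@acmecoo.example>",
                "Jane Doe <jane.doe@mail-service.example>"):
        print(hdr, "->", check_sender(hdr, TRUSTED, STAFF))
```

A clean result from a filter like this does not make a request genuine; contacting the purported sender through another channel still applies.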
Bishop recommends that you notify your company's IT security staff if you have any reason to believe that you may have opened or responded to an email that you should not have. Tell them what you received, what you were asked to do, and whether or not you downloaded anything, shared information, or entered your login credentials.
If you give in to a request for a gift card, contact the card's issuer as soon as possible. If the card has not been used, it is possible to nullify the transaction, and you may be eligible for a refund. You may also file a complaint with the Federal Trade Commission about the occurrence by visiting the website ReportFraud.ftc.gov.