Oops! That was a phishing email!

This was an authorised phishing simulation run by Acumenis on behalf of your organisation.

What is phishing?

Phishing is a type of social engineering attack often used to steal user data (e.g. login credentials and credit card numbers) or compromise computer networks. It occurs when an attacker, masquarades as a trusted entity and entices their recipients into opening an email, instant message, or text message.

Phishing attacks remain among the most common method used by malicious cyber actors to target organisations. While phishing messages are commonly sent out in their thousands, spear-phishing campaigns are typically aimed at a particular group of recipients.

The goal of phishing attacks

Phishing emails typically have three common goals behind them. The emails may lead to a phishing website that harvests your username and password, a file that will takeover your computer or they may try to engage you in conversation for the purposes of blackmail.

Credential Harvest

Comes in the form of a malicious hyperlink embedded in an email. Once clicked, the victim is led to a phishing website that imitiates a legitimate service (e.g. Office365, Gmail, etc.) and asks for login credentials. Once input, credentials are sent in real-time to an attacker.

Endpoint Compromise

Comes in the form of an email with a malicious attachment. Once downloaded and opened or executed, the attacker may gain instantaneous control over the victims computer. The victims computer may then have data stolen, be ransomwared, etc.

Reply-To Attack

Comes in the form of an email masquarading as someone the victim may personally know. Abusing this trust relationship, the victim is enticed into a back-and-forth conversation. The victim is then enticed to perform an action that will ultimately harm themselves.

Learn to spot the phish

Curious how you can spot the phish in the future? Take a look at our guided tour which highlights how attackers use a combination of urgency, fraudulent sender addresses, engaging content and malicious websites or attachments to compromise their victims.

Begin the Guided Tour

Compose

Folders

Labels

[URGENT] Claim Yor Work From Home Set-Up Payment

HR Employee Benefits ( [email protected] )

to [email protected]

Dear John,

Claim Your Work From Home Set-Up Payment

Our company aknowledges that we are all working from home for a longer period and is offering a one-time payment to all employees of $1500.00 USD to ensure that you have a suitable home working set-up.

We recognize the importance of a proper work set up for all our employees' overall wellbeing.

To receive the payment via payroll, you will need to complete this acknowledgement form .

For more information on how to set up your home office space safely, please look at the:
https://www.workingfromhome.hr/arragements/concur/apps/track

Thank you,
The Human Resources Team

***This is an automatically generated email, please do not reply***

Attachment (1)

expense-report.docm