Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Scams use deception to steal money, credentials, or sensitive data, making them a cybersecurity risk for individuals and organizations.
Search across headline titles and summaries.
Background for this topic.
Scams are deceptive schemes intended to make people surrender money, credentials, sensitive information, or access. In information security, they commonly use phishing messages, impersonation, fraudulent websites, business-email compromise, fake technical support, or malicious attachments. Their defining feature is manipulation: the attacker creates a credible pretext and pressures the target to act before verifying the request.
Security teams should treat scams as an attack surface spanning email, messaging, telephone calls, social media, and payment workflows. Material risks include account takeover through stolen credentials, unauthorized payments, disclosure of personal or company data, and malware execution from deceptive content. Useful controls include phishing-resistant authentication, secure payment-change procedures with independent verification, filtering and domain protections, user training focused on reporting, and rapid review of suspicious messages or transactions. Incident handling may require revoking sessions, resetting credentials, contacting financial institutions, preserving evidence, and notifying affected parties where applicable.
Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed
Dubai Police are issuing warnings about highly indexed websites that mimic popular online destinations, like the city's travel card top-up site.
Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack StatsThis week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4 million from Gamma, dYdX detailed post-hack steps, CertiK published 2023 hack stats, TRM Labs discussed North Korean hacking and Apple India blocked users from offshore crypto exchanges.
Scammers are targeting multiple brands with "job offers" on Meta's social media platform, that go as far as to offer what look like legitimate job contracts to victims.
Speculation builds over whether a nearly year-old policy change was to blame Google-owned security house Mandiant's investigation into how its X account was taken over to push cryptocurrency scams concludes the "likely" cause was a successful brute-force password attack.…
A Nigerian national has been sentenced to a decade behind bars for his role in romance and BEC scam
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware. [...]
Blockchain security firm Certik had its own social media account hacked to push a crypto scam