Fake 401K year-end statements used to steal corporate credentials

  • January 10, 2024

Jasper_The_Rasper
Moderator

January 10, 2024 By Bill Toulas

Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.

Email security company Cofense warns that these attacks are becoming more frequent, and that even organizations with sound email security practices are having trouble defending against them.

Bogus 401k notices

401(k) is a popular retirement savings plan in the U.S. that offers a convenient way for employees to save for the future with tax benefits, often including additional contributions from their employer.

Cybercriminals take advantage of this topic by sending targets 401(k) notifications that pose as coming from someone in their company's Human Resources department and allege an important plan update or an increase in contributions.

Cofense says that throughout last year it saw a sharp rise in QR codes embedded in those phishing emails, taking recipients to a fake login page designed to steal credentials.

401k-themed phishing email (Cofense)