New Phishing Attack Mimics Performance Appraisal Processes To Target Corporate Employees

  • The purpose of the attack is to steal an employee’s business account credentials.
  • The attack involves employees receiving emails that pretend to be from the human resources department.

A new corporate phishing attack that mimics the performance appraisal processes has been found targeting employees. The purpose of the attack is to steal an employee’s business account credentials.

How does it work?

According to Kaspersky Lab, the attack involves employees receiving emails that pretend to be from the human resources department. The email informs the recipients of a performance appraisal process and instructs them to click on a fake ‘HR Portal’ link. This link redirects the recipients to a primitive website asking them to provide their login details.

Making less susceptible

  • In order to make it look less suspicious, the phishing page includes an ‘I agree to the Privacy Policy’ checkbox. This makes the page look legitimate to the victims.
  • After the recipients fill in the login details on the phishing page, it asks them to wait for an email with additional instructions and select one of three options for a performance appraisal.
  • Once filled, the entered username, email address, and password are sent back to the attackers.

The interesting aspect of this appraisal ruse is that it comes to an abrupt end, with the victim never receiving the promised follow-up email.

Tricking corporate employees is not new

The corporate phishing trick is not new by fraudsters. Back in August 2018, Avanan had spotted bad actors using SharePoint files to host phishing links.

This year, bad actors were also observed using Microsoft voicemail notifications to trick recipients in opening HTML attachments that redirected them to phishing pages.

In September 2019, a spear-phishing campaign was launched by the Gorgon APT group that used the lure of an invoice to infect European organizations with data-stealing malware.