Phishing in the Water Cooler: Human Resources Departments Highly Targeted in Attacks
Phishing
Cyber attacks hit businesses in every industry, so the departments that every business has in common are recurring targets. Marketing is one of them, and finance is the most frequently attacked department of all, because a successful intrusion there reaches payment workflows and financial data. Close behind finance sits a department that holds information at least as valuable to an attacker: Human Resources.
Why target HR Departments?
Human Resources (HR) is one of the few departments at any company that deals constantly with both internal employees and outside parties such as applicants, recruiters, and reference contacts. That steady stream of unsolicited contact makes HR a natural entry point for an attacker trying to reach company data. HR staff also hold a high level of access to personally identifiable information (PII) such as employee names, social security numbers, and email addresses, and they work inside core company systems, so compromising one HR account can expose a great deal. One of the most common attacks used against companies is phishing: email messages disguised as legitimate correspondence that serve as the vehicle for stealing credentials or delivering malware, giving the attacker a foothold on networks and in databases. The damage from a breach of HR-held data would reach the company, its employees, its applicants, and anyone else whose records HR keeps.
Cybercriminals have long targeted HR departments for the information they hold, but these attacks have increased significantly in recent months because of the impact COVID-19 has had on business operations. The hiring process has moved from professional attire, eye contact, and handshakes in in-person interviews to interviews conducted over Skype or Zoom, with a heavier reliance on phone calls and email correspondence than ever before. Cybercriminals are now masquerading as eager job hunters in order to trick HR departments and hiring managers with phishing emails.
CV Phishing Attacks
According to Check Point Research, a phishing campaign has been making the rounds in which malicious actors pose as job seekers and send companies emails carrying attachments that claim to be a curriculum vitae (CV) or the usual collection of application files (resume, cover letter, and so on). Rather than a resume or cover letter, the attachment carries malware that steals user credentials and PII and is used to infect the targeted company's systems.
The email looks like a typical message from an interested applicant, with a subject line such as "applying for a job" or "regarding job posting" and a body expressing how interested the candidate is in the position. The attached "CV" is actually a macro-enabled Excel workbook. When the recipient opens the file and enables the macro (the embedded code does not run until the user allows it, which is why the lure is written to make that step feel routine), the macro downloads and installs malware on the victim's computer, giving the attacker a foothold on the company network. One of the most common payloads in these CV-themed emails is Zloader, a variant of the Zeus banking trojan, which steals banking passwords and other financial data so that the attacker can perform transactions with the stolen credentials.
Phony Chatbots
Cybercriminals do not limit their attacks on HR departments to email phishing; they also use the less formal chat channels companies offer, setting up phony chatbots to trick candidates and employees. The goal is the same: dupe people into clicking links, sharing confidential company data, or downloading files. Chatbots are automated chat features that answer frequently asked questions, which many websites use in order to free up staff who would otherwise be tied up handling easily answered questions.
According to Marc Laliberte, a senior security analyst with WatchGuard Technologies in Seattle, "Many chatbots are now used to help recruit, to answer frequently asked questions from employees and for other uses in HR. They open up a new avenue for phishing attacks from hackers because they can make fake chatbots pop up on a site and steer unsuspecting users toward giving up sensitive information by tricking them into thinking they're interacting with a company-created bot."
While chatbots benefit companies and the users of their websites, they also add another attack surface through which Human Resources departments can be targeted.
Tips to Protect Your Human Resources Department
- Educate Human Resource employees and hiring managers on how to spot phishing emails and malicious file attachments. Obvious signs include grammatical errors and urgent demands; unusual sender addresses or look-alike domains suggest malicious intent. Do not open attachments right away: check the real file name and extension first (a "CV" that arrives as a macro-enabled .xlsm or .docm workbook, or with a double extension such as CV.pdf.xlsm, is a red flag), and never click "Enable Content" on a document sent by someone you do not know.
- Establish multiple forms of communication in order to ensure applicants are legitimate. One way to weed out the fake applicants from the real ones is to establish multiple forms of communication in order to validate the individual's legitimacy. Put a system in place to have applicants call and provide their email addresses and information over the phone to ensure there is a real person on the other end and not a sneaky cybercriminal. Double checking professional references and even sites like LinkedIn can help to make absolutely sure that the person at the other end of the email is who they claim to be.
- Enhance chatbot monitoring and security. As mentioned above, chatbots can be incredibly helpful to a company in answering FAQs that website users may have; however, because they are often left on "autopilot", cybercriminals can imitate a chatbot and use the copy to steal important information. If your company uses this technology, monitor and secure those bots to add another layer of defense.
- Emphasize caution and incorporate HR and IT interaction and collaboration. Set up a policy where HR can send phishy looking emails and files to the company IT department for review -- it is better to be safe than sorry and utilizing your company's other teams can only strengthen its cyber defenses.
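The attachment checks described in the CV phishing section and in the first tip above can be automated at the mail gateway or on an analyst's workstation. The following Python script is an added example written for this article; it is not Check Point's code or any vendor's product. It parses an email message, extracts each attachment, and flags the two tells discussed above: a double extension such as CV.pdf.xlsm that disguises the real file type, and a macro-enabled Office file, which it detects by looking inside the zip container for a vbaProject.bin entry rather than trusting the extension. The sample email and the Office files inside it are constructed in the script so that it runs offline; the addresses, file names, and file contents are placeholders, not real campaign artifacts.

```python
"""Flag suspicious CV attachments in an e-mail message.

Added example (not from the article or from Check Point): detects double
extensions and embedded VBA macro projects in Office attachments.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that can carry VBA macros (legacy binary formats included).
MACRO_EXTENSIONS = {".xlsm", ".xltm", ".docm", ".dotm", ".pptm", ".xls", ".doc"}
# Extensions a genuine CV is normally sent in.
EXPECTED_CV_EXTENSIONS = {".pdf", ".docx", ".rtf", ".txt"}


def has_vba_project(data: bytes) -> bool:
    """True if a zip-based Office file (OOXML) contains a VBA macro project.

    Office stores macros in an entry named vbaProject.bin inside the zip
    container, so its presence is a more reliable signal than the extension.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML file (e.g. a real PDF)


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks suspicious (empty list = clean)."""
    reasons = []
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    # "cv.pdf.xlsm": the visible "pdf" hides the real ".xlsm" from a casual glance.
    if len(parts) > 2 and ("." + parts[-2]) in EXPECTED_CV_EXTENSIONS:
        reasons.append(f"double extension: shown as .{parts[-2]}, really {ext}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-capable extension {ext}")
    if has_vba_project(data):
        reasons.append("embedded VBA project (vbaProject.bin) found")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each suspicious attachment's file name to its list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        reasons = classify_attachment(fname, part.get_payload(decode=True) or b"")
        if reasons:
            findings[fname] = reasons
    return findings


def build_office_zip(with_macro: bool) -> bytes:
    """Constructed minimal zip standing in for an Office document (not a real CV)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("document.xml", "<document/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00constructed-vba-blob")  # placeholder bytes
    return buf.getvalue()


def build_sample_email() -> bytes:
    """Constructed lure shaped like the 'applying for a job' mails described above."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.invalid"   # placeholder address
    msg["To"] = "careers@example.invalid"       # placeholder address
    msg["Subject"] = "applying for a job"
    msg.set_content("Please find my CV attached. I am very interested in the position.")
    msg.add_attachment(build_office_zip(True), maintype="application",
                       subtype="vnd.ms-excel.sheet.macroEnabled.12",
                       filename="CV.pdf.xlsm")
    msg.add_attachment(build_office_zip(False), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="cover_letter.docx")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_email()).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed message, the script reports CV.pdf.xlsm on all three counts (double extension, macro-capable extension, embedded VBA project) and says nothing about cover_letter.docx. In a real deployment the scan would sit in the mail pipeline before the message reaches an HR mailbox, and any hit would be routed to IT for review, as the last tip above suggests, rather than left to the recipient's judgement.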