Threat Alert: What to Watch For

• Cybercriminals have launched a series of phishing attacks using the threat of employee transfers and terminations as a lure. The phishing emails use the subject line "Annual Transfer list & Terminated Employees.”
• While the email from field says it is from “Human Resources Management Section,” the sending address is a Gmail account. 
• The phishing emails contain a legitimate Dropbox link purporting to lead to a document outlining employee transfers or terminations. Clicking on the link leads to the installation of malware. 

Key Action: Report Suspicious Emails

• Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
• Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
• If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
• If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message claiming to be from HR or another internal department, don’t ignore it—report it.
• Keep in mind that cybercriminals regularly abuse legitimate services like Dropbox. Abusing legitimate services gives cybercriminals and their lures an additional air of legitimacy. If you see an unexpected email linking you to an unknown document, it should be regarded as potentially malicious.
• Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs. Matters regarding employee transfers or terminations would never be sent from a sending address outside of the organization.