More and more employees are falling victim to “phishing” attacks, those deceptive emails that trick you into revealing confidential information. Messages that appear to come from human resources departments are the most dangerous.
Article written by
Published
Reading time : 1 min.
An email signed by the company’s HR and asking you a question about your annual leave: nothing could be more banal, a priori. Except that it may be an attempt to capture sensitive data. It is precisely this type of emails that we are most easily tempted to respond to, according to a study conducted by the cybersecurity provider F-Secure.
The company tested more than 82,000 corporate employees by sending them fake emails. Results: 22% of them responded to false messages from human resources which therefore constitute, according to F-Secure, the attacks of phishing the most formidable. Then come the messages asking you to pay an invoice: in this case, 16% of employees respond to them.
These scams, called “president scams”, involve a hacker pretending to be the boss and asking someone in the accounting department to wire money to pay a client. In December 2021, the accountant of a Parisian company which was preparing its IPO was a victim. Conclusion: a record scam of 33 million euros in a few weeks.
According to F-Secure, employees of technical and IT services are not the last to fall into the trap. In one of the four companies monitored by this study, developers were 30% to click on fraudulent emails, while only 11% of employees had been had.
Telecommuting also has its role to play. Being distant from colleagues encourages you to respond urgently, without thinking, to their requests. We want to show that we are effective by responding quickly. However, it is precisely on the register of urgency that fraudulent messages play. Last year, according to the Club of Information and Digital Security Experts (Cesin), one in two companies suffered between one and three successful cyberattacks.