{"id":49061,"date":"2023-09-19T09:19:33","date_gmt":"2023-09-19T13:19:33","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=49061"},"modified":"2023-09-19T09:19:33","modified_gmt":"2023-09-19T13:19:33","slug":"hr-self-evaluation-scheme","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/hr-self-evaluation-scheme\/49061\/","title":{"rendered":"Self-evaluation questionnaire phishing scam"},"content":{"rendered":"<p>In large companies, as a rule the average employee isn\u2019t often asked for an opinion on their career aspirations, areas of interest, or accomplishments outside their job description. It tends to happen once a year \u2014 for the performance review. However, many would like to share their thoughts with management much more often. So, when an invitation to take a self-evaluation lands in the inbox, they jump at the chance without hesitation. And this is what cybercriminals exploit in the latest spear-phishing campaign.<\/p>\n<h2>Phishing email with invitation<\/h2>\n<p>Seemingly from HR, an email arrives containing an elaborate description of the employee self-evaluation procedure, which \u201cpromotes candid dialogue between staff members and their managers\/supervisors\u201d. It goes on to say that \u201cyou can learn a lot about your strengths and shortcomings \u2026 to reflect on your successes, areas for development, and career objectives\u201d. 
All in all, quite a convincing piece of corporate spiel.<\/p>\n<div id=\"attachment_49062\" style=\"width: 892px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-49062\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/09\/19090755\/hr-selfevaluation-scheme-letter.jpg\" alt=\"Email to employees inviting them to undergo a self-evaluation\" width=\"882\" height=\"1290\" class=\"size-full wp-image-49062\"><p id=\"caption-attachment-49062\" class=\"wp-caption-text\">Email to employees inviting them to undergo a self-evaluation<\/p><\/div>\n<p>Convincing it may be, but all the same the email does contain a few identifiable red flags regarding phishing. For starters, take a look at the domain name in the sender\u2019s address. That\u2019s right, it doesn\u2019t match the name of the company. Of course, it\u2019s possible that your HR department might be using a contractor unknown to you \u2014 but why would \u201cFamily Eldercare\u201d be providing such services? Even if you don\u2019t know that this is a non-profit organization that helps families care for elderly relatives, the name should ring an alarm bell.<\/p>\n<p>What\u2019s more, the email says that the survey is \u201cCOMPULSORY for EVERYONE\u201d, and must be completed \u201cby End Of Day\u201d. Even if we leave aside the crude and faulty capitalization, the focus on urgency is always a reason to stop and think \u2014 and check with the real HR department whether they sent it.<\/p>\n<h2>Fake self-evaluation form<\/h2>\n<p>Those who miss the flags and click through to the form are faced with a set of questions that may actually have something to do with assessing their performance. 
But the crux of the phishing operation lies in the last three of those questions \u2014 which ask the victim to provide their email address, and enter their password for authentication and then re-enter it for confirmation.<\/p>\n<div id=\"attachment_49063\" style=\"width: 1122px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" aria-describedby=\"caption-attachment-49063\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2023\/09\/19090956\/hr-selfevaluation-scheme-questions.jpg\" alt=\"Last three questions of the fake questionnaire\" width=\"1112\" height=\"632\" class=\"size-full wp-image-49063\"><p id=\"caption-attachment-49063\" class=\"wp-caption-text\">Last three questions of the fake questionnaire<\/p><\/div>\n<p>This is actually a smart move on the phishers\u2019 part. Typically, phishing of this type leads straight from the email to a form for entering corporate credentials on a third-party site, which puts many on their guard straight away. Here, however, the request for a password and email address (which commonly doubles up as a username) is disguised as part of the form \u2014 and at the very end. By this stage the victim\u2019s vigilance is well and truly lulled.<\/p>\n<p>Also note how the word \u201cpassword\u201d is written: two letters are replaced with asterisks. This is to bypass automatic filters set to search for \u201cpassword\u201d as a keyword.<\/p>\n<h2>How to stay safe<\/h2>\n<p>To stop company employees falling for phishing, keep them informed of all the latest tricks (for example, by forwarding our posts about phishing ploys). 
If you prefer a more systematic approach, carry out regular training and checks, for example with our <a href=\"https:\/\/k-asap.com\/en\/?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____kasap___\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a>.<\/p>\n<p>Ideally, employees should never even see most phishing thanks to technical means: install security solutions with anti-phishing technology both at the <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/mail-server?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksms___\" target=\"_blank\" rel=\"noopener nofollow\">corporate mail gateway level<\/a> and on all <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">work devices<\/a> used for internet access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers invite employees to complete fake self-evaluations to steal corporate 
credentials.<\/p>\n","protected":false},"author":2598,"featured_media":49064,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051],"tags":[4032,76,4480,1080],"class_list":{"0":"post-49061","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-hr","10":"tag-phishing","11":"tag-signs-of-phishing","12":"tag-spear-phishing"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hr-self-evaluation-scheme\/49061\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hr-self-evaluation-scheme\/26226\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hr-self-evaluation-scheme\/21680\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hr-self-evaluation-scheme\/28919\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hr-self-evaluation-scheme\/26529\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hr-self-evaluation-scheme\/26675\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hr-self-evaluation-scheme\/29166\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hr-self-evaluation-scheme\/20992\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hr-self-evaluation-scheme\/21760\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hr-self-evaluation-scheme\/30474\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hr-self-evaluation-scheme\/32530\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hr-self-evaluation-scheme\/32184\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/signs-of-phishing\/","name":"signs of 
phishing"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=49061"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49061\/revisions"}],"predecessor-version":[{"id":49065,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49061\/revisions\/49065"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/49064"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=49061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=49061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=49061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}