It’s a common scenario: a new hire is excited to join your organization and posts a public update on LinkedIn. This post tells the world their start date, the organization they’ve joined, and the role they will play. For example, announcing you’ve entered an organization as “Director of Finance” is like putting a bright red target on your chest.
Cybercriminals, as always, are getting smarter. One new tactic we’re seeing among our clients is the specific targeting of new hires who post about their new job on LinkedIn. We often see a direct correlation between such a LinkedIn post and an uptick in phishing emails. Let’s review why cybercriminals are targeting new hires and how to identify signs of phishing.
Why Are Cybercriminals Targeting New Hires?
New hires mean a few things to cybercriminals.
First, just that–they’re new. They are still learning the organization’s cybersecurity protocols and are most likely to make a mistake.
Second, it means that the employee is still being set up in the system. This can often take several days or weeks. During this time, vulnerabilities and cybersecurity lapses are more likely to exist than for a seasoned employee who has been established with the organization for years.
Third, it provides cybercriminals with up-to-date information on a specific employee’s role (e.g., Director of Finance). Depending on the role, cybercriminals will craft their targeted phishing email accordingly. The more specific they can be, the more successful the attempt is likely to be.
What Does Phishing Look Like?
The good news is that even if someone is new to your organization, the signs of phishing are the same from organization to organization. In a best-case scenario, your new hires will come with some base level of understanding of how to spot a phishing email. In the event they don’t, share these telltale signs with them in the onboarding process. A simple understanding of these phishing indicators can save your organization a lot of headaches down the road:
5 Signs of Phishing
- URLs that look deceptive, inauthentic to the brand sending it, or have obvious errors (e.g., a bank name spelled similarly but with one minor mistake).
- Generic email introductions.
- Included attachments. Attachments included from a brand are a major red flag and could signal a phishing email.
- Incorrect or out-of-date names, logos, dates, or designs.
- False sense of urgency. If you receive an email from your bank with a ridiculous timeline for a response, consider that the email may be fake.
- The “hover to discover” trick. Hover over the sender’s display name and double-check that the email address matches the display name.
If you spot any of these signs of phishing, contact your IT team immediately before responding to the email, forwarding it, or clicking any links in the email.
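For IT teams that want to triage reported emails, several of the signs above can be checked automatically. The following is an added example, not part of the original article; the trusted domains, phrase lists, similarity threshold and sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for illustration: tune these to your own organization.
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear employee")
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended")

def lookalike(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def phishing_signs(msg):
    """Map each sign found in an EmailMessage to a short explanation."""
    signs = {}
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # "Hover to discover": display name claims a trusted brand, address is elsewhere.
    claimed = re.sub(r"[^a-z0-9]", "", display.lower())
    if domain not in TRUSTED_DOMAINS and any(t.split(".")[0] in claimed for t in TRUSTED_DOMAINS):
        signs["display_name_mismatch"] = f"'{display}' sent from {domain}"
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content().lower() if part else ""
    # Deceptive URLs: sender or link hosts that are a near-miss of a trusted domain.
    for host in {domain, *re.findall(r"https?://([^/\s:]+)", text)}:
        if lookalike(host):
            signs["deceptive_domain"] = f"{host} imitates {lookalike(host)}"
    if any(g in text for g in GENERIC_GREETINGS):
        signs["generic_greeting"] = "no personal salutation"
    if any(u in text for u in URGENCY_PHRASES):
        signs["urgency"] = "pressures the reader to act fast"
    names = [a.get_filename() or "unnamed" for a in msg.iter_attachments()]
    if names:
        signs["attachment"] = ", ".join(names)
    return signs

def sample_message(sender):  # constructed sample email, not a real message
    m = EmailMessage()
    m["From"] = sender
    m.set_content("Dear customer,\nconfirm your details within 24 hours at "
                  "http://examp1ebank.com/login")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.zip")
    return m
```

Calling `phishing_signs(sample_message('"ExampleBank Security" <alerts@examp1ebank.com>'))` returns one entry per sign found. A hit is a reason for IT to look closer, not a verdict, and the out-of-date logo or design sign still needs a human eye.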
Streamline Your Onboarding Process
Working with a managed IT provider like Clarity Technology Group means a lot of things–but specifically, when it comes to onboarding, it means peace of mind that onboarding for new hires will include a lesson in cybersecurity. Pass on the above points to your HR team so they can be communicated to new hires.
Training new employees to spot the signs of phishing, and establishing a culture of reporting suspicious activity, will protect your organization immensely. If you feel your onboarding process–or your overall cybersecurity–could be improved, get in touch with our team to schedule a free assessment of your organization.