Benefits Enrollment eMail Phishing Scam

Be aware of this latest phishing attempt. It's an extremely dangerous bit of code delivered via email.

Phishing emails used to be pretty easy to detect. eMails from other countries would have several spelling or grammatical errors, but grammer checking and writing tools have helped cybercriminals clean up their phishing emails making it harder to ignore.

The latest phishing email contains a business name and is sent out to everyone on the business contact list, informing the employees that it's time to again enroll for benefits and the headline indicates that the time to do so is near, enticing the reader to act now.

Don't be fooled. The attachment has the ability to drop a hidden encrypted payload that can evade IDS and some pretty sophisticated network security. If executed, it will steal location GPS and will send back a tracking message to the hacking group. Then a live person from the hacking group will contact you asking for social security information, banking information and so forth.

What's the best solution when it comes to phishing emails? Stop and think. This benefit enrollment email is being sent in June. Open enrollment for benefits won't happen until November, so that's a red flag, and remember that no matter what time of year it is, never give out banking or Social Security information to anyone who calls you.

Read up on The Ultimate Guide to Phishing Attacks and How To Prevent Them.

To learn more about endpoint security, check out this article

If you are concerned about your current cybersecurity status, you can schedule a free consultation with us and we can provide you with an evaluation as well as recommendations on how you can improve.