Credentials phishing email

Summary: Scammers send phishing emails pretending to be recruitment platforms, HR software providers, or other business services that employers use in their recruitment process, in an attempt to steal login credentials for employers’ accounts. 

Tactic used: Impersonation and creating a false sense of fear and urgency. Scammers create fear and urgency by claiming there are issues with the employer’s account or threatening a disruption of services. Scammers suggest rectifying these issues by clicking on a link or downloading an attachment, the contents of which may be malicious and designed to steal credentials. To build trust, scammers often impersonate the company’s branding, using logos and creating email domains that closely resemble the legitimate domain, with only minor misspellings, that can be overlooked when skim-reading. 

Top recommendations: 

1. 1.

   Never click on links or download attachments in unexpected emails, even if they claim to be from legitimate companies. 

2. 2.

   Verify unexpected or suspicious requests directly with the company by reaching out via the contact details listed on their official website. 

3. 3.

   Access your accounts only through the official websites by manually searching for them on your browser.