Surprise! Staff don’t like receiving phishing tests from their firms that pose as salary increases • Graham Cluley

Surprise! Employees don't like receiving phishing tests from their company that pretend to be a pay increase.

British law firm Knights certainly has an interesting way of keeping its staff happy.

After the firm disappointed staff with a recent salary review that allowed either zero pay raises or “a small percentage of wages that are already well below market,” employees were presumably pleased to receive an e-mail titled “Important Notice: Salary Increases”:

Hello <redacted>

From the next fiscal quarter, as a result of an evaluation of the current salary structure stipulated under the conditions of employment, it turned out that a <2 digits> annual salary increase is planned.

The details of the salary increase are enclosed in the attached document.

***Please make sure all details are correct to avoid any issues with this adjustment***

From my heart,
HR team

Knights

Perhaps as expected, some workers ended up opening the attachment.

The good news is that it was not sent by cybercriminals.

The bad news was that the email was a lie. Staff were not getting a pay increase.

Instead, upon opening the attachment, workers were informed that they had failed the phishing test.

It probably wouldn’t surprise me to hear that this wasn’t well received by the staff.

Who would have expected that?


According to the law site RollOnFriday, the test “fell like a lead balloon”, with some partners reacting in disbelief or even threatening to leave.

And yes, the fact that the email came from an external email address ([email protected]) should have sounded the alarm.

Yes, the recipient should have noticed the wording at the beginning of the email: a real warning that the message had originated outside the company.

Part of a phishing test email sent to a Knights employee. It contained a warning that the email was sent from outside Knights.

But for any company to piss off its employees in this way is downright stupid and short-sighted.

Instead of choosing a topic that would inevitably leave a bad taste in the mouths of employees (salary reviews), this phishing test could have sent a message that the company was offering free pizza on Friday to the first 20 people who responded. That might not have gone down too badly.

Of course, there is no reason why scammers could not use this tactic to trick unsuspecting users into clicking on dangerous links or opening malicious attachments.

Well, I myself have received just such a phishing email – claiming that my salary will be increased. I was the only person working at the company, so I was certainly not surprised to hear this news from the company’s human resources department.

Keep staff on your side when fighting hackers. Instead of giving them another reason not to work for you, test their cybersecurity awareness in a positive and constructive way.



Graham Cluley is a cybersecurity industry veteran and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent analyst who makes regular media appearances and is an international speaker on the subject of cybersecurity, hackers and online privacy. Follow him on Twitter, Mastodon, or Bluesky, or email him.


