Excited for your Christmas bonus? So are scammers - so make sure you check your emails carefully

2025-11-28 17:03

Be careful about those year-end bonus emails from HR - they might not be authentic, experts warn.

By Sead Fadilpašić, published 28 November 2025

  • Hackers launch BEC scams using HR bonus-themed emails with QR codes
  • Victims redirected to fake login pages via mobile devices for credential theft
  • Campaign shows advanced evasion tactics, exploiting seasonal and major global events

Be careful when receiving emails from your company about year-end bonuses - they could be a scam.

With businesses now considering bonus allocations, performance reviews, and benefit enrollment processes, hackers are taking advantage of this to try to steal people’s workplace passwords and login credentials.

Security researchers at Mimecast have warned that emails with subject lines such as “Let's Wrap Up the Year Right – Complete Your Bonus Form!” are already making the rounds. These are Business Email Compromise (BEC) campaigns, since the emails originate from compromised email accounts belonging to the victim organization’s Human Resources (HR) departments.

Moving the victim to mobile

The emails are sent to other employees of the same organization and carry the official branding and logos.

Attached to the messages are PDF files containing a QR code that the victim is supposed to scan with their mobile device. Apparently, the first goal of the campaign is to move the victim from the PC to the mobile environment, since security there is not as robust as it is on a desktop platform.

Once the victim pulls up their mobile device and scans the QR code, they are redirected through multiple sites, ultimately landing on a page where they must log in to their business accounts.

“This campaign demonstrates operational maturity through its use of geographically distributed compromised accounts, mobile device filtering, and CAPTCHA bypass techniques to evade detection,” Mimecast explained.
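A mail-triage heuristic for the pattern described above, as an added example that is not from Mimecast or this article: because the messages come from genuine internal accounts, it does not rely on sender authentication and instead looks for a bonus-themed subject combined with a PDF attachment and no link in the body. The keyword list, the `triage` and `sample` functions, the example.com addresses and the idea that the body carries no clickable link are assumptions; decoding the QR code inside the PDF is left out.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed keyword list, seeded from the subject line quoted in the article.
LURE = re.compile(r"bonus|year[- ]end|performance review|benefit", re.I)
URL = re.compile(r"https?://|www\.", re.I)

def triage(raw: bytes, org_domain: str) -> dict:
    """Score one raw message against the QR-in-PDF bonus lure pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    pdfs = [a for a in msg.iter_attachments()
            if a.get_content_type() == "application/pdf"
            or (a.get_filename() or "").lower().endswith(".pdf")]
    s = {
        # A genuine internal account: sender checks alone will not flag it.
        "internal_sender": sender == org_domain.lower(),
        "lure_subject": bool(LURE.search(msg["Subject"] or "")),
        "pdf_attachment": bool(pdfs),
        # Assumption: the link lives in the QR code, not in the body text.
        "no_link_in_body": not URL.search(body),
    }
    s["review"] = (s["lure_subject"] and s["pdf_attachment"]
                   and s["no_link_in_body"])
    return s

def sample(subject: str, body: str, pdf: bool) -> bytes:
    """Build a constructed test message (not a real campaign sample)."""
    m = EmailMessage()
    m["From"] = "HR Team <hr@example.com>"
    m["To"] = "employee@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if pdf:
        m.add_attachment(b"%PDF-1.4 constructed placeholder",
                         maintype="application", subtype="pdf",
                         filename="Bonus_Form.pdf")
    return m.as_bytes()

LURE_MSG = sample("Let's Wrap Up the Year Right – Complete Your Bonus Form!",
                  "Please scan the code in the attached form.", pdf=True)
BENIGN_MSG = sample("Canteen menu", "Menu: https://intranet.example.com/menu", pdf=False)

if __name__ == "__main__":
    print(triage(LURE_MSG, "example.com"))
    print(triage(BENIGN_MSG, "example.com"))
```

Messages marked for review would then go to a human or to a sandbox that can render the PDF and decode any QR code it contains.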

Cybercriminals regularly use events and important dates in their campaigns to boost their perceived legitimacy and thus steal more credentials. Tax season, the holiday season, Black Friday and, obviously, year-end performance reviews are among them.

They also leverage major events, such as the FIFA World Cup, the Olympic Games, or US presidential elections.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
