Phishing attacks catch sensitive HR information

Organised crime gangs are developing sophisticated ‘phishing’ – fake e-mail – attacks against businesses to try to steal passwords and sensitive information, experts have warned.

Some fraudulent e-mails pretend to be messages from a company’s network administrator asking employees to update their passwords.

But staff clicking on the link in the fake e-mail could be giving their login details to fraudsters, who are then free to use them to access business systems.

Anne Bonaparte, chief executive of e-mail security company MailFrontier, said gangs are using sophisticated attacks to identify new employees in businesses.

The phishers then pose as payroll providers and try to use the information they have harvested to get yet more personal details from a company’s HR department.

“This is a very sophisticated corporate phish. We are beginning to collect some very serious ones. As these phishers get more sophisticated this is the way it is going. There is a lot of money to be had here,” said Bonaparte.

Organised crime is targeting businesses rather than consumers because the rewards can be greater, she added.

Comments are closed.