Fake 401K year-end statements used to steal corporate credentials
2024-01-10 18:33

Threat actors are using communication about personal pension accounts (401K plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.

Cofense says that throughout last year it saw a sharp rise in QR codes embedded in these phishing emails, which take recipients to a fake login page designed to steal credentials.

Other lure types seen more often towards the end of the year include open enrollment, surveys, and salary restructuring communications.

Open enrollment is a specific period, typically occurring towards the end of the calendar year, allowing employees to enroll in health insurance or retirement plans.

Finally, Cofense warns about fake employee satisfaction surveys and assessment reports sent to targets from spoofed human resources departments.

The phishing email uses an "Employee of the year award" theme to trick recipients into opening their performance reports, allegedly to review and sign them.


News URL

https://www.bleepingcomputer.com/news/security/fake-401k-year-end-statements-used-to-steal-corporate-credentials/