Hi Community,
In this post, we would like to tell you a little about phishing emails, messages, calls and other scams, so that you can recognise them more easily and report them.
The best defence against malicious activity is for all of us to work together.
So trust, but verify. See something, say something, and stay vigilant. Use these tips to avoid scams, and if you receive any suspicious emails, phone calls, or other messages impersonating Personio, report them to reportphishing@personio.com.
Phishing Attacks
Phishing attacks have been a persistent cybersecurity challenge for years, and will remain one in the future. Traditional phishing techniques typically involve crafting deceptive emails or messages that appear legitimate, aiming to trick users into divulging sensitive information such as passwords, financial data, or personal details, or into sending money.
AI-based phishing leverages the capabilities of machine learning and natural language processing to create highly personalised and convincing phishing campaigns (Spear Phishing), profiling you with the data collected from social media, public records, and other online sources.
If you receive a suspicious email or SMS text message that looks like it's supposed to be from Personio, please email it to reportphishing@personio.com. For emails, download the message and send it as an attachment; for texts and other messages, please take a screenshot and share the details.
Phishing Techniques You Should Be Aware Of
Good old Social Engineering
Attackers can develop sophisticated social engineering techniques, such as sentiment analysis, to assess emotions and tailor messages accordingly. With personalisation, victims are more likely to trust and respond to seemingly authentic communication.
Deepfakes and Voice Cloning
With deepfakes, cybercriminals can create realistic audio or video recordings, or create a clone of someone's voice or appearance, making it even more challenging to differentiate between genuine and fabricated communications.
Clone Phishing
This attack duplicates a real message that was sent previously, with legitimate attachments and links replaced with malicious ones. It appears in email, but may also show up in other communication channels, for example via fake social media accounts and text messages.
Some Examples of Common Phishing Scams
Whilst it would be impractical and impossible to list every known phishing scam here, there are some more common ones you should definitely look out for:
- Account Suspension/Deletion
Use of a seemingly legitimate email from a service account, prompting a login to restore your data in an attempt to steal your credentials.
- Notice from your Bank
These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.”
- Update of Banking Account/Phone Number
Notices of a change of payment details or an update of phone number are common scams that can come via emails, texts and even letters.
- Email from a ‘Friend’
This scam takes the form of a known friend who is in a foreign country and needs your help.
- Angler Phishing
Impersonating a customer service representative to trick you. On social media, a fake help account spots your “@mentions” of a company’s social media handle and responds with a fake support message.
- Contest Winner/Inheritance Email
If you’ve won something unexpectedly or received an inheritance from a relative you've never heard of — don’t get too excited, IT IS A SCAM!
- The Tax Refund/Rebate
These phishing messages normally say that you are either eligible to receive a tax refund, or you have been selected to be audited.
Commonly Used Phishing “Tools”
Fraudulent emails and messages
Scammers try to copy email and text messages from legitimate companies to trick you into giving them your personal information and passwords. These signs can help you identify phishing emails:
- The sender’s email or phone doesn’t match the name of the company that it claims to be from.
- The email or phone they used to contact you is different from the one that you gave that company.
- A link in a message looks right, but the URL doesn’t match the company’s website.
- The message looks significantly different from other messages that you’ve received from the company.
- The message requests personal information, like a credit card number or account password.
- The message is unsolicited and contains an attachment.
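As an added illustration (not part of the original post and not Personio tooling), the sender and link signs above can be checked mechanically on a downloaded message. The sample e-mail is constructed, and treating personio.com as the legitimate sending domain is an assumption of this example.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real message; example.net is a reserved domain.
SAMPLE_EML = '''From: "Personio Support" <support@personio-login.example.net>
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Log in today to restore your data.</p>
<a href="https://login.example.net/restore">https://www.personio.com/login</a>'''

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(url_or_host, domain):  # True if the host is `domain` or a subdomain of it
    try:
        host = urlparse(url_or_host if "://" in url_or_host else "//" + url_or_host).hostname or ""
    except ValueError:  # malformed host, e.g. an unclosed "["
        return False
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw_eml, company="Personio", domain="personio.com"):
    """Check one raw e-mail for the sender and link mismatches listed above."""
    msg = message_from_string(raw_eml, policy=policy.default)
    signs, collector = [], LinkCollector()
    name, addr = parseaddr(str(msg.get("From", "")))
    # Sign 1: display name claims the company, but the address is on another domain.
    if company.lower() in name.lower() and not in_domain(addr.rpartition("@")[2], domain):
        signs.append("sender_mismatch")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    # Sign 2: link text shows the company's site, but the href points elsewhere.
    for href, text in collector.links:
        if in_domain(text, domain) and not in_domain(href, domain):
            signs.append("link_mismatch:" + href)
    return signs
```

Calling `phishing_signs(SAMPLE_EML)` reports both mismatches; a message that really comes from the expected domain and links to it returns an empty list.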
If you get a suspicious phone call or voicemail
Scammers use fake Caller ID info to spoof phone numbers of companies like Personio and often claim that there's suspicious activity on your account or device to get your attention. Or they may use flattery or threats to pressure you into giving them information, money, and gift cards. If you get an unsolicited or suspicious phone call from someone claiming to be from Personio, just hang up.
You can report scam phone calls to your local law enforcement agency.
If you see suspicious Calendar events
If you get an unwanted or suspicious calendar invitation, you can report it as junk or spam. If you have unintentionally subscribed to a spam calendar, you can delete it.
If your web browser displays annoying pop-ups
While browsing the web, if you see a pop-up or alert that offers you a free prize or warns you about security problems or viruses on your device, don't believe it. These types of pop-ups are usually fraudulent advertisements, designed to trick you into downloading damaging software or giving the scammer personal information or money.
Don't call the number or follow the links to claim the prize or fix the problem. Ignore the message and simply navigate away from the page or close the entire window or tab.
If you're prompted to download software
Use extreme caution if you download content from the internet. Some downloads found on the internet may not contain the software they claim to, or may contain software that you didn't expect or want. This includes apps that ask to install configuration profiles that can then control your device. If installed, unknown or unwanted software may become intrusive and annoying and could even damage your device and steal your data.
To avoid unwanted, fake, or malicious software, install software from the trusted Store or get it directly from the developer's website.
Some Basic Guidelines To Abide By
- Never engage! Do not respond, or click on any links, or open any attachment.
- And if you already clicked on the link—does the website look similar to the Personio website and prompt you to log in or take an action? It’s not too late—just close the browser tab and don’t enter your details.
- Never trust alarming messages. Creating urgency is an essential tactic in social engineering (and sales). Most reputable companies will not request personally identifiable information or account details via email or texts.
- If the sender is known, verify authenticity through different means, i.e. not using that same email. Check public information like their legit website. If the message relates to finance or personal information, be extra cautious!
- Be careful when providing personal information! Never provide your credentials to third parties.
- Do not rush or panic! Take your time. Scammers create urgency in order to pressure you into clicking links or opening attachments.
- If you revealed sensitive information, don’t panic! Reset your credentials on the sites where you've used them. Change your passwords and contact your banks immediately.
- Keep your software, browser and operating system up to date.
- For business emails, let Personio security know about any sophisticated phishing attempt by downloading the email and sending it as an attachment to reportphishing@personio.com.
Be aware and stay vigilant,
Your Voyager Community Team