⚡ Recognize and Report Phishing Emails, Messages, Calls, or Any Other Scams!

 Good old Social Engineering
Attackers can develop sophisticated social engineering techniques, such as sentiment analysis, to assess emotions and tailor messages accordingly. With personalisation victims are more likely to trust and respond to seemingly authentic communication.

️ Deepfakes and Voice Cloning
With deepfakes, cybercriminals can create realistic audio or video recordings, or create a clone of someone's voice or appearance. Making it even more challenging to differentiate between genuine and fabricated communications.

 Clone Phishing
This attack duplicates a real message that was sent previously, with legitimate attachments and links replaced with malicious ones. This appears in email, but may also show up in other communication channels. For example via fake social media accounts and text messages.

• Account Suspension/Deletion
  Use of seemingly legitimate email from a service account, prompting a login to restore your data in attempts to steal your credentials.
• Notice from your Bank
  These emails normally give you a convenient link which leads to a web form, asking for your bank details “for verification purposes.”
• Update of Banking Account/ Phone Number
  Notice of change of payment details, or update of phone number are common scams, that can come via emails, texts and even letters.
• Email from a ‘Friend.
  This scam takes the form of a known friend who is in a foreign country and needs your help.
• Angler Phishing
  Impersonating a customer service representative to trick you. On social media, a fake help account spots your “@mentions” to a company’s social media handle and respond with a fake support message.
• Contest Winner/Inheritance Email
  If you’ve won something unexpectedly or received an inheritance from a relative you've never heard of — don’t get too excited, IT IS A SCAM!
• The Tax Refund/Rebate
  These phishing messages normally say that you are either eligible to receive a tax refund, or you have been selected to be audited.

Scammers try to copy email and text messages from legitimate companies to trick you into giving them your personal information and passwords. These signs can help you identify phishing emails:

• The sender’s email or phone doesn’t match the name of the company that it claims to be from.
• The email or phone they used to contact you is different from the one that you gave that company.
• A link in a message looks right, but the URL doesn’t match the company’s website.
• The message looks significantly different from other messages that you’ve received from the company.
• The message requests personal information, like a credit card number or account password.
• The message is unsolicited and contains an attachment.

Scammers use fake Caller ID info to spoof phone numbers of companies like Personio and often claim that there's suspicious activity on your account or device to get your attention. Or they may use flattery or threats to pressure you into giving them information, money, and gift cards. If you get an unsolicited or suspicious phone call from someone claiming to be from Personio, just hang up. 
You can report scam phone calls to your local law enforcement agency.

If you get an unwanted or suspicious calendar invitation, you can report it as Junk or spam. If you might have unintentionally subscribed to a spam Calendar, you can delete it.

While browsing the web, if you see a pop-up or alert that offers you a free prize or warns you about security problems or viruses on your device, don't believe it. These types of pop-ups are usually fraudulent advertisements, designed to trick you into downloading damaging software or giving the scammer personal information or money.

Don't call the number or follow the links to claim the prize or fix the problem. Ignore the message and simply navigate away from the page or close the entire window or tab.

Use extreme caution if you download content from the internet. Some downloads found on the internet may not contain the software they claim to, or may contain software that you didn't expect or want. This includes apps that ask to install configuration profiles that can then control your device. If installed, unknown or unwanted software may become intrusive and annoying and could even damage your Device and steal your data.

To avoid unwanted, fake, or malicious software, install software from the trusted Store or get it directly from the developer's website.

1. Never engage! Do not respond, or click on any links, or open any attachment.
2. And if you already clicked on the link—does the website look similar to Personio website and is  prompting you to log in or take an action? It’s not too late—just close the browser tab and don’t enter your details.
3. Never trust alarming messages. Creating urgency is an essential tactic in social engineering (and sales).Most reputable companies will not request personally identifiable information or account details, via email or texts.
4. If the sender is known, verify authenticity through different means, i.e. not using that same email. Check public information like their legit website. If the message relates to finance or personal information, be extra cautious!
5. Be careful when providing personal information! Never provide your credentials to third parties.
6. Do not rush or panic! Take your time. Scammers create urgency in order to pressure you into clicking links or opening attachments.
7. If you revealed sensitive information, don’t panic! Reset your credentials on the sites you've used them. Change your passwords and contact your banks immediately.
8. Keep your software, browser and operating system up to date.
9. For business emails, let the Personio security know about any sophisticated phishing attempt by downloading them and sending it as an attachment to reportphishing@personio.com.