Americans are hard-working, and most of us take pride in what we do. So, it can be jarring when a customer or a colleague complains about your work ethic. The dreaded “I want to speak to the manager” or “Corporate will hear about this” is enough to ruin a perfect day.
But those are, for the most part, face-to-face altercations that can be sorted out on the spot. An even worse scenario would be an email from human resources (HR) or your boss.
The email states that a customer complained about your behavior or some arbitrary aspects of your work. For more information, an attachment is included that details your transgression. Read on for why the complaint is likely a scam.
Here’s the backstory
Nobody likes to be raked over the coals, and many would act immediately to correct the problem. But to do that, you first need to find out what the issue is. If you nervously click on the email attachment to see the complaint, you could fall victim to these scams.
According to cybersecurity firm Sophos, fake corporate complaints are on the rise and use targeted attacks to spread malware.
The bogus emails could come in the form of complaints from colleagues or even your boss and use wording to instill fear. The criminals hope you will act without thinking and open the attachment.
Here’s an example email posted by Sophos:
This kind of targeted attack is called spear-phishing. Criminals target specific people and go so far as getting the correct name, company and boss.
Unsurprisingly, the attachment isn’t a real complaint but rather a malicious executable file disguised as one. In most cases, it presents itself as a PDF or Word document attachment.
If you click on the attachment or link, malware sends your IP address and specifications of your computer to the criminals. But as Sophos points out, that is only the start of the attack.
Your IP address and the components in your now-backdoored computer might seem inconsequential, but this information is valuable to hackers. With it, they will know which processes and tasks your computer can handle, which is crucial for making your PC part of a botnet or using it for cryptocurrency mining.
These are just a couple of nefarious examples that could come from these phishing emails.
How to stay safe from phishing attacks
Phishing attacks are common and constantly evolving. Here are some safety precautions to follow:
- Don’t panic. Take a moment to think about the email. Would your boss send you a message like this? Reach out to the person who allegedly sent it before clicking links or downloading attachments.
- Always check the sender’s email domain. If the email claims to come from a trusted source, make sure to look at the sender field. If the sender’s domain doesn’t match the source the email claims to come from, that’s as big a red flag for phishing as any.
- Don’t click unknown links in emails. Just like with attachments, it’s worth getting in touch with the email’s sender to make sure you’re not visiting any malicious or dangerous websites.
- Check the URL for any site you visit. You can do this by hovering your cursor over a link before clicking on it. This doesn’t just apply to links from emails, but anywhere else you visit on the web. If a URL appears mismatched to the page’s contents, get as far away as you can.
- If an email or website asks for personal data or login information, ignore it. Most businesses and platforms will never ask for your information point-blank and will usually give you the option to reset these things yourself.
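The sender-domain check and the "executable disguised as a PDF or Word document" trick described above can also be checked automatically at the mail gateway. The Python below is an added example, not code from Sophos or from this article; the domains, finding codes, extension blocklist and sample messages are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Leading bytes each document type should start with (PDF, legacy Office, OOXML zip).
DOC_MAGIC = {"pdf": b"%PDF", "doc": b"\xd0\xcf\x11\xe0", "docx": b"PK\x03\x04"}
EXEC_EXTS = {"exe", "scr", "com", "bat", "js", "vbs"}  # assumed blocklist, not exhaustive

def check_message(raw, expected_domain):
    """Return finding codes for one raw message claiming to come from expected_domain."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Sender field: the address domain, not the display name, is what gets compared.
    addr = parseaddr(str(msg.get("From", "")))[1]
    if addr.rpartition("@")[2].lower() != expected_domain.lower():
        findings.append("sender-domain-mismatch")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name.rpartition(".")[2] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in EXEC_EXTS:
            findings.append(f"exec-extension:{name}")    # e.g. complaint.pdf.exe
        if data[:2] == b"MZ":
            findings.append(f"exec-header:{name}")       # Windows executable behind any name
        elif ext in DOC_MAGIC and not data.startswith(DOC_MAGIC[ext]):
            findings.append(f"type-mismatch:{name}")     # not the format it claims to be
    return findings

def build_sample(sender, filename, payload):
    """Constructed test message; addresses, names and bytes are made up."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "employee@example.com"
    m["Subject"] = "Customer complaint"
    m.set_content("A customer complained about you. Details attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    fake = build_sample("HR <hr@example-hr.test>", "complaint.pdf", b"MZ\x90\x00" + b"\0" * 32)
    print(check_message(fake, "example.com"))
```

A clean result only means none of these three signals fired; a message from a compromised internal account or with a weaponized but genuine document would still pass.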