British law firm Knights certainly has an interesting way of keeping its staff happy.

Employees disappointed staff with a recent salary review that granted either zero pay raises or a “small percentage of wages that were already well below market,” but “important news: pay raises.” I was pleased to receive an e-mail titled

Hello<編集済み>

From the next fiscal quarter, as a result of an evaluation of the current salary structure stipulated under the conditions of employment <2 桁> It turned out that an annual salary increase is planned.

The details of the salary increase are enclosed in the attached document.

***Please make sure all details are correct to avoid any issues with this adjustment***

From my heart,
HR team

The knights

Perhaps as expected, some workers ended up opening the attachment.

The good news is that it was not sent by cybercriminals.

The bad news was that the email was a lie. Staff were not paid.

Instead, upon opening the attachment, workers were informed that they had failed the phishing test.

It probably wouldn’t surprise me to hear that this wasn’t well received by the staff.

who would have expected that?

Sign up for our free newsletter.
Security news, advice and tips.

according to law site roll on fridaythe test “fell like a lead balloon”, with some partners reacting in disbelief or even threatening to leave.

And yes, the fact that the email came from an external email address ([email protected]) should have sounded the alarm.

Yes, the recipient should have noticed the following phrase at the beginning of the email: real warning The message must have originated outside the company.

Part of a Knights phishing email
Part of a phishing test email sent to a Knights employee. It contained a warning that the email was sent from outside Knights.

But for any company to piss off its employees in this way is downright stupid and short-sighted.

Instead of choosing a topic that would inevitably leave a bad taste in the mouths of employees (salary reviews), this phishing test sent the first 20 people who responded with a message that the company was offering free pizza on Friday. It may not have been too much.

Of course, there is no reason for scammers to do so. Can not This tactic is used to trick suspicious users into clicking on dangerous links or opening malicious attachments.

Well, I myself have received just such a phishing email – claiming that my salary will be increased. I was the only person working at the company, so I was certainly not surprised to hear this news from the company’s human resources department.

Keep staff on your side when fighting hackers. Instead of giving them another reason not to work for you, test their cybersecurity awareness in a positive and constructive way.

Did you enjoy this article? Follow Graham Cluley on Twitter again Mastodon To read more of the exclusive content we post,


Graham Cluley is a cybersecurity industry veteran who has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent analyst, making regular media appearances and an international speaker on the subject of cybersecurity, hackers and online privacy.follow him twitter, MastodonBluesky, or email him.

cropped-BTA_Logo-B-1-scaled-1
YOUR FUTURE STARTS HERE.

BLUE TRAINING ACADEMY

Register now for our membership to gain access to our elite training program and fast forward your career today!

Newsletter

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

cropped-BTA_Logo-B-1-scaled-1
Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog