Hackers have been found to be impersonating HR staff to gain employee credentials to access employee payroll accounts and banking details.
Expert Comments below:
Felix Rosbach, Product Manager at comforte AG:
“Here we have yet another example of how easy it is to steal someone’s identity – given there are no countermeasures in place.
The reason for this is simple: most hackers aren’t geniuses, but neither is the average employee. We’re only human after all. Sometimes we make mistakes. Sometimes we get complacent or distracted and, unfortunately, our tendency to slip up every once in a while leaves us open to exploitation. That’s why you always have to have the human element in mind when thinking about security.
So the question is: how do we protect our organization from the phishing scheme du jour?
With an increasing attack surface and an endless number of ways to get access to a company, the name of the game is sophisticated identity access management coupled with verification from an actual human. And last but not least, having solid data protection will act as a fail-safe to minimize the damage in the event of a breach.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.