Vacation Notification Scam: how to recognize and protect yourself from this type of fraud
We can agree on one thing: everyone deserves and enjoys a vacation, right? As the date approaches, what we want most is to get everything organized and avoid any obstacles to the planned break.
Imagine you're in exactly this situation, in your last week of pre-holiday work. Then, first thing in the morning, you receive an email that seems to have been sent by your company’s human resources department. The subject line? "Vacation confirmation".
You think it's a little strange, because confirmation had already been given. Nevertheless, you open the message and find a simple instruction: click on the link below to confirm your vacation schedule. So... would you click? If yes, you could end up in a lot of trouble.
How the Vacation Notification Scam works
In the Vacation Notification Scam, fraudsters impersonate the human resources department of the company where the victim works and create a fake email related to that employee's vacation.
Topics may vary: an urgent rescheduling, a request to confirm the dates, a notification that the period informed has not been approved... and so on!
As with the vast majority of tricks, in the Vacation Notification Scam, the criminals try to convince the victim to click on a link and share sensitive personal and financial information, or even to download a malicious program onto their computer.
In general, cybercriminals exploit employees' natural anxiety about their vacations in an attempt to convince them to take the indicated action.
How to protect yourself from the Vacation Notification Scam?
Calmness and suspicion are your best allies in protecting yourself from the Vacation Notification Scam. Before taking any action, stop and think:
-
Does the email address of the sender match the one commonly used by the company?
-
Has the human resources department ever informed you of the need to confirm or the possibility of suddenly rescheduling your vacation?
-
Does the human resources department usually send communications with links or downloadable files?
If the answer to any of these questions is "no", do not take any action. Contact the person in charge of the human resources department through other channels, whether in person, via a messaging app or by phone.
If the message is confirmed to be false, notify the IT department immediately.
What can companies do to protect their employees from the Vacation Notification Scam?
One of the most effective measures to protect your company from the Vacation Notification Scam is to invest in raising awareness among your employees. It's like we always say: the best weapon against the cybercriminals on duty is information!
Hacker Rangers is a 100% gamified platform for creating a cybersecurity culture in your company. Using a lighthearted and fun approach, we will teach your employees how to identify and combat the Vacation Notification Scam and many other phishing attacks!
This way, they remain vigilant and engaged in the mission to protect your company from cyberattacks. How about experiencing the power of gamification yourself? Visit hackerrangers.com and test the platform for free for 15 days!