It appears that someone is using your firm’s corporate directory—which includes job titles and email addresses—to contact senior managers and directors via email. The email requests that the recipient click on a URL, which leads to a Web site that looks as if it were designed by your Human Resources organization. Once at this phony Web site, the employees are asked to confirm the bank and account number to be used for electronic deposit of their annual bonus check.
Review Questions
1. How is this attack different from an ordinary phishing attack?
2. Craft a communications that might be sent out to employees to thwart this attack.
Critical Thinking Questions
1. Should this communications come from Human Resources, the corporate information systems security organization, or some other entity?
2. What actions can be taken to lessen the potential impact of future such attacks?
Already registered? Login
Not Account? Sign up
Enter your email address to reset your password
Back to Login? Click here