Excited for your Christmas bonus? So are scammers - so make sure you check your emails carefully
Date:
Fri, 28 Nov 2025 17:03:00 +0000
Description:
Be careful about those year-end bonus emails from HR - they might not be authentic, experts warn.
FULL STORY ======================================================================
Hackers launch BEC scams using HR bonus-themed emails with QR codes
Victims redirected to fake login pages via mobile devices for credential theft
Campaign shows advanced evasion tactics, exploiting seasonal and major global events

Be careful when receiving emails from your company about year-end bonuses - they could be a scam.
With businesses now considering bonus allocations, performance reviews, and benefit enrollment processes, hackers are taking advantage to try and steal people's workplace passwords and login credentials.
Security researchers at Mimecast have warned that emails with subject lines such as "Let's Wrap Up the Year Right Complete Your Bonus Form!" are already making the rounds. These are Business Email Compromise (BEC) campaigns, since the emails originate from compromised email accounts belonging to the victim organization's Human Resources (HR) departments.

Moving the victim to mobile

The emails are sent to other employees of the same organization and carry the official branding and logos.
Attached to the messages are PDF files with a QR code that the victim is supposed to scan with their mobile device. Apparently, the first goal of the campaign is to move the victim from the PC to the mobile environment, since security there is not as robust as it is on a desktop platform.
Once the victim pulls up their mobile device and scans the QR code, they are redirected through multiple sites, ultimately landing on a page where they must log in to their business accounts.
"This campaign demonstrates operational maturity through its use of geographically distributed compromised accounts, mobile device filtering, and CAPTCHA bypass techniques to evade detection," Mimecast explained.
Cybercriminals regularly use events and important dates in their campaigns to boost their perceived legitimacy and thus steal more credentials. Tax season, the holiday season, Black Friday, and, obviously, year-end performance reviews are among them.
They also leverage major events, such as the FIFA World Cup, the Olympic Games, or US presidential elections.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/excited-for-your-christmas-bonus-so-are-scammers-so-check-your-emails-carefully
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)