Employers need to be ‘proactive’ to protect workers and business
A new and increasingly sophisticated phishing threat is targeting workplaces amid economic volatility — and employers need to be on high alert.
Known as "job termination scams," these attacks mimic internal HR communications to deceive employees into revealing sensitive information or clicking malicious links, with potentially devastating consequences for both individuals and employers, says Tony Anscombe, chief security evangelist at ESET.
The scams are an evolution of job offer frauds previously seen on platforms like LinkedIn. However, these latest tactics exploit fears around job loss to gain access to corporate systems or financial data, he tells Human Resources Director Canada.
“We are seeing an increased volume in this type of scams.”
This comes amid the uncertainty brought about by the tariffs imposed by U.S. President Donald Trump on Canada.
Also, many employers continue to struggle finding the talent that they need, according to a previous report from the ManpowerGroup.
Job termination scams often arrive via email and appear to originate from a company’s HR department. The messages may include formal language, company branding, and detailed instructions regarding severance payments or final salary disbursements, says Anscombe.
“It could look incredibly real if there's severance payments in there and it talks about continued benefits,” he says. “Iit depends on how well the emails’ been crafted and what somebody already knows about your organization.”
These scams are designed to either harvest employees’ personal and financial information or to distribute malware, he says.
The psychological toll on workers should not be overlooked either, with Anscombe noting that such emails can have a negative impact on employees’ emotional and mental well-being.
Nearly half (47%) of Canadian employees admitted to using unregulated artificial intelligence (AI) tools, according to a previous report from CDW.
But beyond the immediate impact on affected workers, job termination scams pose serious risks for employers.
For one thing, employees might stop working upon receiving this type of email — resulting in lost productivity. Also, once inside the company’s system, attackers may escalate the breach by using stolen credentials to access broader corporate networks.
“It could involve infiltration of personal data. It could be a ransomware attack,” says Anscombe.
Cyber criminals could also go into the dark web and sell the credentials on to someone else.
“The issue for the company could actually be a full-scale data breach.”
The reputational damage and operational disruption caused by such breaches could be significant, especially if employee trust is undermined during the process.
To protect both employees and the organisation, Anscombe recommends a proactive and transparent approach.
This begins with awareness and regular communication. Employers should make it standard practice to explain how official communications are sent and what legitimate HR emails should — and should not — contain, he says.
“When you receive a communication from your bank, they tell you it will only come from a specific address, and they will never include links.”
HR departments should adopt a similar approach, says Anscombe.
Make sure employees know the only legitimate HR email address and clearly state that login requests will never be included in termination notices, he advises.
HR professionals should also work closely with IT teams to regularly brief staff on emerging scams. Rather than limiting cybersecurity training to an annual compliance session, HR leaders should advocate for more frequent and topic-specific refreshers.
He also stresses the importance of culture in how training is approached. Rather than penalising employees who fall for simulated scams, organisations should focus on education and reward proactive behaviour.
Employers should also implement multi-factor authentication as part of their system defense, says Anscombe.
“I'd be educating my employees on how to stay safe. It's good practice generally with cyber hygiene, not just in this instance.”
Despite surging cyberattacks, employers treat security as “tick in the box,” according to a previous report from KPMG.
