Cybercriminals Exploiting HR Policy Announcements in Phishing Attacks
Secure World – Drew Todd
Cybercriminals are posing as HR officials and sending phishing emails that contain themes related to updated HR policy announcements. These emails typically include links or attachments that are used to steal employee credentials.

Abnormal Security, a cybersecurity solutions provider, has published research on these phishing attacks, highlighting two specific types: payload-based credential phishing attacks and link-based credential phishing attacks.

Both of these types of attacks are designed to trick employees into providing their login credentials by disguising the phishing attempts as legitimate internal company announcements.
Link: https://www.secureworld.io/industry-news/cybercriminals-phishing-hr-policy-announcements