[[:start|Home]] > [[:faq|FAQ]] > [[faq:security|Security]] > [[faq:security#general|General]] > [[faq:security:phishing_mail_samples|Phishing Email Samples]] > **Human Resource (HR) Email Scam**

====== Phishing Emails Unveiled: Human Resource (HR) Email Scam ======

{{:faq:security:phishing_mail_samples:12-5.jpg?600|}}

In such scams, the hacker disguises as your Human Resource (HR) department that sends you a link to check about HR-related matters like leave approvals. The goal is to deceive recipients into providing sensitive information, such as login credentials, personal details, or financial information, or to infect their devices with malware.

----


===== Common Characteristics =====
==== 1. Unknown or Suspicious Sender Address ====
Check if the sender's email domain matches the official domain used by your company's HR department. Be cautious of HR emails sent from different domains, or from generic email providers (e.g. Gmail, Yahoo, etc.).

==== 2. Phishing Links ====
The email may contain links to fake HR portals that contain malware. Clicking on the links can lead to data theft, identity theft, or further phishing attempts.

==== 3. Impersonation / Fake Signature ====
The emails may impersonate HR personnel or executives to appear authentic.


----


===== Useful Tips =====

✅ Exercise caution when an HR email demands urgent action or creates a sense of urgency. Fraudsters often use time pressure to manipulate recipients into making hasty decisions without thorough verification.

✅ Always verify any unusual or sensitive HR requests through alternative communication channels. Use the official contact information provided by your organization, such as the HR department's phone number or email address, to confirm the legitimacy of the request.