In such scams, the hacker disguises as your Human Resource (HR) department that sends you a link to check about HR-related matters like leave approvals. The goal is to deceive recipients into providing sensitive information, such as login credentials, personal details, or financial information, or to infect their devices with malware.

Check if the sender's email domain matches the official domain used by your company's HR department. Be cautious of HR emails sent from different domains, or from generic email providers (e.g. Gmail, Yahoo, etc.).

The email may contain links to fake HR portals that contain malware. Clicking on the links can lead to data theft, identity theft, or further phishing attempts.

The emails may impersonate HR personnel or executives to appear authentic.

✅ Exercise caution when an HR email demands urgent action or creates a sense of urgency. Fraudsters often use time pressure to manipulate recipients into making hasty decisions without thorough verification.

✅ Always verify any unusual or sensitive HR requests through alternative communication channels. Use the official contact information provided by your organization, such as the HR department's phone number or email address, to confirm the legitimacy of the request.