Workday, a leading provider of cloud-based HR and finance software, recently shared an important security update about a recent social engineering campaign targeting their organization and others.
According to Workday, cybercriminals have been reaching out to employees at large companies, pretending to be from HR or IT support aiming to trick users into handing over sensitive information, such as account access details or personal data. These attacks have primarily been by phone and text message, making them especially difficult to spot.
Social engineering attacks often rely on creating a sense of urgency or authority, like someone calling and claiming to be from an internal or external company or your organization’s IT, and asking you to confirm information such as your password.
Workday says that, while their own systems were targeted, the attackers only accessed limited information through a third-party CRM (customer relationship management) platform. The information obtained was mostly basic business contact details like names, email addresses, and phone numbers, and there’s currently no evidence that customer accounts or sensitive business data were compromised.
Workday acted fast to block the unauthorized access and has since put extra safeguards in place to prevent future incidents. They advise they will never call asking for your password or secure details.
Official communications always come through trusted company channels.
If you ever receive a suspicious message, don’t share your information, even if it looks or sounds legitimate. Instead, contact your company’s IT or HR department directly through a verified method.
With social engineering scams on the rise, a little vigilance goes a long way. When in doubt, check it out! And if you’re ever unsure about a request, reach out to your company’s support team directly.
Visit their official blog for more information on their findings and resolutions here.
Leave a Reply