20% Discount On All Apple Products

Don’t let this deal pass you by – the offer is only available to LANXESS employees. Is that true? Of course, it says so right there in the email from “Corporate Benefits”…

Who doesn’t dream of getting these kinds of discounts on the highly coveted new iPhones, iPads, and other popular Apple gadgets? But have you ever seen anything like this before? Is it realistic for a company like Apple to enter into such an exclusive partnership with a chemicals company like LANXESS? And what does Apple get out of it? It should quickly become clear – this can only be a scam. And that’s exactly what it was – a phishing email sent by our own Information Security team to keep us on our guard. And also to remind us to watch out for typos – if you look closely, you’ll see that the name of the sender is misspelled: “Corporate Benefts.” This is also typical for cybercriminals.

“The idea behind this was to raise employees’ awareness of scams,” explains Timo Kukuk, Chief Information Security Officer, Lex GF. LANXESS is the target of cyberattacks on a daily basis. But phishing emails directly target employees. And what they specifically receive and potentially disclose in interactions is beyond the experts’ knowledge, unless the employees report it. “That’s why it’s so important that everyone is vigilant and forwards any suspicious activity to us directly via Outlook,” says Kukuk (see the info box to the right for more information!).

The scammers often rely on typical claims: for example, that the offer is highly attractive, that the recipient has been selected personally, and that there is an impending deadline (i.e., the “offer is only valid for a limited time”). The criminals’ goal is to obtain the user’s passwords or install malicious software directly on their system and thus penetrate deeper into LANXESS’s IT network.

Information Security also initiated two other phishing campaigns. In one of them, employees received a phone call from an alleged Teams support representative asking them to verify an account, and in the other, the subject was an alleged lottery win as part of the QIM.

Kukuk’s ultimate goal is to ensure that no employee ever falls victim to a phishing scam again. Although this has yet to be achieved, far fewer than half of the employees fell for it in all three campaigns.

Tips and Events

Unsure? Report it!

Anyone who has a suspicious feeling about an email should report it immediately. There’s a “Report Message” option in the Outlook ribbon bar: open it and submit the mail under Phishing. The reply is sent automatically via email. If the reported mail was harmless, it can be found in the Deleted Items folder and can be accessed there at any time. If the email is a scam, everyone benefits from it being reported, because it is deleted from all mailboxes. You can also find more information on the process in the Knowledge Portal by searching for “Dealing with suspicious emails.”

Further Campaigns Planned, Three Mandatory Dates

To further raise awareness of this and other information security issues, new online training courses will be launched in May with the first four modules, which everyone must attend. Further modules will be added in the summer and fall.