Vacation Phishing Scam

Like usual, Cybercriminals love to create phishing campaigns catered to popular trends, events, seasons, etc. Now that it is summer, and cybercriminals know that summer is an extremely popular time to vacation they have geared their phishing campaigns towards vacation-themed websites and offers. There has been a rise in vacation-themed website domains and many of them are malicious.

In the latest scam, cybercriminals pretend to be your HR department and send you a new vacation plan that some employees can use. In order to find out if you are eligible to use the vacation plan, the email scam guides you to click on the link. Once you click on the link, it will ask to enter your email and password. If you enter your login, cybercriminals now have your credentials and can access your organization.


  • If you receive an email from someone in your organization and you think it could be scam, always verify with the person directly.
  • Always look for red flags in unexpected emails. Check the grammar, the sender, what time the email is being sent, etc.
  • Cybercriminals always try to play on your emotions. In this case, they know you will be curious if you are eligible or not for what the email is claiming. Always remember to think before you click.

Learn more tips like this and train your employees with our Security Awareness Training Program.