Weeks before the open enrollment and tax season, one Los Angeles-based health startup employee received an email from TriNet that seems to be a phishing attack.
TechCrunch reports that this employee forwarded the email and its source code to the company as it looks unreal. The email requests employees and customers to update login information to be ‘up-to-date’ on the labor and employment laws.
Security researcher John Wethington also agreed that the email was indeed a phishing attack. Wethington said, “As hackers and self-proclaimed social engineers, we often think that spotting a phishing email is easy; The truth is it’s hard. When we first examined the email every alarm bell was going off. The deeper we dug into it the more confusing things became. We looked at the domain name records, the site’s source code, and even the webpage hashes.”
Wethington and his team looked deeper and saw nothing and he claimed that the website is 100 percent legitimate. The team contacted TriNet for clarifications and the company responded that indeed, the email came from them.
Suspicious details
Wethington was certain that the email seems fake because of the use of a poor quality logo, which came from a free image hosting website. In addition, the email also redirects into a website with a sketchy domain, hence, the suspicion of the employee and Wethington.
TriNet spokesperson Renee Brotherton confirmed that the email was legitimate saying, “[TriNet] uses the third-party site for our compliance ePoster service offering. The Imgur image you reference is an image of the TriNet logo that Poster Elite mistakenly pointed to and it has since been removed.”
Brotherton added that the email was sent to employees who do not get into the physical office and give them access to required notices.
Problematic emails
Social engineer Rachel Tobac said TriNet needs to improve its communications medium. Tobac pointed out that TriNet got it wrong with inconsistent domain names. According to the expert, these kinds of details need to be corrected as these were used by hackers.
“Trinet may have sent out a legitimate email but everything about it looked problematic,” said TechCrunch.
TriNet is a third-party human resources company that administers healthcare benefits and workplace policies of companies in the United States. In addition, the company also advises clients of law compliance and risk reduction, acting as the human resource of companies.