A Company's "Malicious Email Simulation" Goes Viral Online
"Always Check the Sender's Email Address" Urged
A case in which a company conducted a "malicious email simulation test" disguised as a year-end bonus announcement has become a hot topic online.
On December 16, a post titled "They said there would be no performance bonus this year, but an announcement just appeared" was uploaded to an online community, accompanied by two photos. The first photo showed a screenshot of an email titled "Notice of Special Performance Bonus Payment Based on 2025 Management Results."
The email began with a greeting: "Hello. As we wrap up the eventful year of 2025, we sincerely thank all executives and employees for doing their best in their respective positions throughout the year."
It continued, "We would like to express our gratitude to all executives and employees who contributed to achieving the 2025 management goals and generating results, and hereby inform you of the special performance bonus payment as follows." It added, "This bonus has been calculated differently for each individual based on the results of their personnel evaluations, and detailed information can only be checked individually for security reasons, so please be aware of this."
Additionally, beneath the information about eligible recipients, payment date, and confirmation period, there was a button labeled "Check Individual Performance Bonus Statement (Go to Page)."
However, the twist was revealed in the second photo. The screen, which appeared after clicking the "Check Individual Performance Bonus Statement (Go to Page)" button in the first image, displayed a warning message in red text: "As a result of the phishing simulation training, you have clicked a phishing link."
It further stated, "This training is the 10th malicious email simulation test conducted by the IT Security Team in 2025," and "This is an internal drill, not a real attack. Those who clicked the link will be notified separately."
The message also warned, "If this link had been an actual hacking email, your company could have suffered serious damage, including financial loss and personal information leakage," and urged, "Always carefully check the source of emails and do not click on suspicious links."
Upon seeing this, online users commented, "It's strange if you don't get caught by this," "How could you not click it? It's so tempting," "That was a proper drill," and "Hacking simulation emails are getting more and more creative." One user, who said they work in security, added, "If you bait people with topics like salary, incentives, or welfare points-anything related to money-everyone falls for it," and advised people to check the sender's email address.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
