Phishing is nothing new and we know that cybercriminals are always evolving their quest to steal your business credentials. What better way to get employees to click than to tie it to performance appraisals.
How to thwart? Use Multi-Factor Authentication in case any of your accounts are compromised. Also, since many company performance appraisals are on the company intranet, refrain from clicking on links in email and navigate through your company intranet.
Security Intelligence has the story here.