Cybersecurity Alert: Why Interns and Seasonal Workers are Prime Targets & How to Protect Them

July 14, 2026

Aymen Ben Aouicha Outpost24

Aymen Ben Aouicha, Senior Systems Engineer EMEA at Outpost24, discusses with BDM the vulnerabilities introduced by the influx of interns, trainees, and seasonal workers, and how organizations can safeguard against potential security risks.

How Does the Arrival of Interns and Seasonal Workers Each Summer and Fall Provide Opportunities for Cybercriminals?

These times are particularly vulnerable because they see a high volume of new accounts being created simultaneously, access being hurriedly granted, and new hires who are not yet familiar with the company’s security policies. For cybercriminals performing reconnaissance, these new employees are easy targets due to their publicly available start dates, junior job titles, and less monitored accounts.

What Does This Lack of Awareness Among New Hires Mean for Their Risk of Cyber Attacks?

A seasoned employee knows not to expect requests for money transfers via email on a Friday night or unsolicited password requests from the IT department. However, an intern, lacking this experience, does not recognize such requests as unusual and lacks a frame of reference for these interactions.

This doesn’t necessarily increase the attack surface technically, but it significantly enhances the likelihood of a successful attack due to the virtual absence of human detection layers.

Does the Immediate Need for Access to Numerous Tools Increase Their Vulnerability?

Yes, for a couple of reasons. First, the urgency to have interns operational from day one often leads to broader access rights being granted than necessary due to time constraints. Additionally, the rapid creation of multiple accounts and passwords heightens the risk of weak passwords or those sent via insecure methods, creating exploitable opportunities for attackers.

What Types of Attacks Commonly Target These Profiles, and Why?

Three main types of cyberattacks are prevalent:

  • Classic phishing: fake HR emails, bogus payroll or training platform activation requests,
  • Spear phishing: impersonation of a manager requesting access to document sharing or confidential information,
  • Vishing: phone calls posing as IT support aiming to acquire passwords or install remote access tools.

These methods are effective because they target inexperienced employees within a believable context, as the recent hire might still expect to receive such requests.

How Do Cybercriminals Exploit the Inclination of These Employees to Not Question Authority?

Attackers leverage the perceived hierarchical asymmetry: an intern is unlikely to question urgent requests from a higher-ranking manager or director. A typical pretext involves authority, urgency, and confidentiality, such as: “It’s me, I’m in a meeting, your manager is unreachable, you’re the only one who can help.

This scenario often inhibits the intern’s instinct to verify the request, as doing so might appear disobedient or wasteful of a superior’s valuable time.

What Are the Typical Organizational Flaws Behind These Successful Attacks?

Commonly found issues include:

  • a lack of specific cybersecurity awareness during onboarding,
  • accounts created with excessively broad default rights instead of following the principle of least privilege,
  • no widespread use of Multi-Factor Authentication (MFA) for temporary accounts,
  • no clear verification channels (“Who to contact if in doubt?“),
  • poor coordination between HR and IT regarding the activation and deactivation of access based on actual contract duration.

How Can Companies Ensure Quick Onboarding While Maintaining Strict Access Security?

These objectives aren’t necessarily at odds if security measures are standardized in advance rather than handled on a case-by-case basis. This includes predefined access profiles by role, automated provisioning limited to essentials from day one, and default activation of MFA without requiring extra steps from managers.

Efficiency stems from standardization, not from loosening controls.

What Key Practices Do You Recommend HR and Managers Implement to Minimize Risks From the Start?

Recommended measures include:

  • incorporating a cybersecurity awareness module in the initial days (beyond GDPR and physical security),
  • automatically enabling MFA upon account creation,
  • applying least privilege with a review of rights after 30 days,
  • establishing a known and singular IT contact point for all newcomers for any sensitive inquiries,
  • tight synchronization between HR and IT on contract start/end dates to prevent inactive accounts.

What Essential Advice Would You Give an Intern or Seasonal Worker to Identify Suspicious Requests?

Here are three simple tips:

  1. Never rush to respond to financial requests or sensitive data inquiries, even if they appear to come from a higher-up.
  2. Always double-check through a secondary channel (direct call, in-person visit); never share your password, even with someone claiming to be from IT; and remember, there are no silly questions.
  3. Reporting any doubts to your mentor or IT department is cost-free, whereas a mistake could be expensive.

With the Influx of Seasonal and Intern Workers During Summer, Is There an Immediate Need to Address This Issue, or Is It an Ongoing Underestimated Risk?

It is both an ongoing structural risk that exists anytime there is staff turnover or seasonality, and a risk that is intensified during summer and fall due to the concentration of new hires.

This makes it an ideal time to test and refine secure onboarding processes, as these vulnerabilities will persist throughout the year whenever new employees are onboarded.

Aymen Ben Aouicha, Senior Systems Engineer EMEA, Outpost24

Aymen Ben Aouicha serves as a Senior Systems Engineer at Outpost24. With 15 years of experience in cybersecurity and enterprise architecture, he has previously held positions at F5, Symantec, NTT Com Security, Dimension Data, and BNP Paribas. Specializing in threat exposure management, application security, and network architectures, his expertise focuses on vulnerability management, EASM, threat intelligence, and cloud security.

Similar Posts

Rate this post

Leave a Comment

Share to...