Problem
You work in IT as a cybersecurity specialist. You receive a call from Sam, and employee in the human resource office. He explains some of the new employees who are onboarding reported receiving an email from someone who does not work for the HR department to validate personal data as part of the hiring process. The email from this mystery person had a URL directing the new employees to www.$taffing.com while the actual URL is www.staffing.com and had instructions attached on how to complete all requirements. The new employees stated they didn't want to risk not receiving their new job and since the URL was functional and worked, they input all of the requested data into the fake website. They do not know all of the employees in HR because they are new, and assumed the email was legitimate.
What type of attack is this, what would you do in this situation (incident response), and how would you prevent this scenario from reoccurring again in the future?