New Credential Phish Targets Employees with Salary Increase Scam (Oct 31, 2019)

A phishing campaign focused on collecting the Office365 credentials of employees expecting pay raises has been discovered by the Cofense Phishing Defense Center (PDC). Threat actors are creating fake emails pretending to be from the company’s HR department. The actors did this by spoofing the “From” field in the headers to make it appear as if the email came from a company representative. The employee is advised to click an attachment which they believe will show an Excel spreadsheet detailing salary increases. It will actually redirect them to a fake Microsoft Office365 login page and request that they log in. This will then give the actor access to the employee’s email, allowing the actor to pursue other malicious activities depending on what can be found. This could include various pieces of Personally Identifiable Information (PII) that could be used for identity fraud and stealing employee money.

Recommendation: All employees should be educated on the risks of phishing, specifically how to identify such attempts and whom to contact if a phishing attack is identified. An email that asks the recipient to follow a link that then asks for credentials to be entered is often an indicator of a phishing attack.
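A mail gateway or triage script can complement user education by flagging messages whose “From” field claims an internal sender while the envelope sender or authentication verdicts disagree. The following is an added example, not code from Cofense or the original report. The domain `example.com`, the sample messages and the function names are assumptions, and it assumes the `Authentication-Results` header was stamped by your own gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# Constructed sample: internal-looking From, external envelope, failed DMARC.
SPOOFED = """\
Return-Path: <bounce@mailer.test>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.test; dkim=none; dmarc=fail header.from=example.com
From: "Human Resources" <hr@example.com>
Subject: Salary increase sheet

Please review the attached spreadsheet.
"""
# Constructed sample: the same message as genuine, authenticated internal mail.
LEGIT = (SPOOFED.replace("bounce@mailer.test", "hr@example.com")
         .replace("mailer.test", "example.com")
         .replace("dkim=none", "dkim=pass").replace("dmarc=fail", "dmarc=pass"))

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts (trust only your own gateway's header)."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def spoof_findings(raw, org_domain=ORG_DOMAIN):
    """Return reasons a message claiming an internal sender looks spoofed."""
    msg = message_from_string(raw)
    if domain_of(msg.get("From")) != org_domain:
        return []  # not claiming to be internal; out of scope for this check
    findings = []
    env_dom = domain_of(msg.get("Return-Path"))
    if env_dom and env_dom != org_domain:
        findings.append(f"envelope sender domain {env_dom} differs from From domain")
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) in ("fail", "softfail", "none"):
            findings.append(f"{mech}={verdicts[mech]}")
    if not verdicts:
        findings.append("no Authentication-Results header present")
    return findings
```

Legitimate third-party senders (for example an HR platform sending on the company's behalf) can also show a different envelope domain, so treat the findings as triage signals and weigh the DMARC verdict most heavily.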

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.