Found by Cofense, this latest phishing scam seduces those with a soft-spot for cash. Under the disguise of an increase in wages, this scam looks to fool users into giving up their Microsoft Office 365 credentials.
According to the Cofense Phishing Defence Centre, what makes this phishing attack effective is that it comes from an email which is a mock of the human resources department. It claims that the victim is entitled to a company-wide pay rise to which the intended victim is entitled.
“It is not uncommon, of course, for companies to increase salaries throughout the year. As a result, it wouldn’t be uncommon for an email like this to appear in an employee’s mailbox. Human curiosity compels users to click the embedded link,”
Milo Salvia of Cofense.
The format of the phishing scam consists of convincing recipients that the link attached is a Sharepoint document when it fact it is an external URL. Upon entering the malicious website, the victim is presented with a fake Office 365 login page. Here the person’s email address is pinned to the username area so only the password needs to be inserted.
At this point the attacker has accomplished his goal and now has access to that user’s Office 365 account.
How to respond
When you get any email or perhaps even a robo-call from “HR” about your “2020 benefits” or “next year pay raise”, do not click or open any attachments, but report these suspects email to the IT department or your IT support. In case you have questions about your benefits or pay, pick up the phone call the HR department using the regular, correct extension.
NEVER click on any link in these emails, or “reply” and attach personal information because both the “From” and the “Reply” email address may be spoofed and you would send confidential information to criminals. Think Before You Click.
For any Cyber Security concerns, or to find out more about our services, contact us today and speak to one of our experts.
