Phished for a Raise

Not getting a raise is rough. Not getting that raise AND having your business completely compromised is even worse!

"The attackers posed as their targets' Human Resources department and asked them to open an Excel spreadsheet [entitled] salary-increase-sheet-November-2019.xls."

In a well-crafted attack on multiple industry verticals, hackers exploited employees' innate sense curiosity with a fake HR email about salary increases.

"The threat actor attempts to make the email appear to come from the target company by manipulating the 'from' field... that dictates the “nickname” displayed in the mail client to make it appear as if it originated within the company."

The attack was designed to harvest login credentials from employees at a "spectrum of industry verticals, including financial, insurance, medical, telecom, and energy."

"Having the targets' email prominently displayed in the phishing page adds to the illusion that they're seeing a legitimate Office 365 login form."

Attackers are only getting better at targeting our people, exploiting human behavior.

Take the next step in securing your team and your people with INFIMA here!

Original article here.
[https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-baits-employees-with-pay-raises/]