Business
Focused
Technology

New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials

Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your users.

This far into the pandemic, there are groups of users within your organization begging to come back to the office, as well as those that never want to set foot in the office again. This emotional attachment to either sentiment is the basis for this newest scam, documented by security researchers at Abnormal Security.

The scam appears to come from internal HR, informing users of dates that the offices are expected to reopen and when employees should return to the office to work. Each contains an HTML attachment with the victim’s name on it (see below).

Unlike most html attachments, the link doesn’t take the user to a malicious webpage; instead it takes them to a SharePoint Online document that appears to be an HR document the user is required to acknowledge. This use of a legitimate Office 365 SharePoint site helps these attacks bypass security and find their way to the user’s Inbox.

The most dumbfounding part of this attack is how the user is tricked out of their credentials. At the end of the HR form, they are simply asked for their email address (which is presumed to be their username) and then asked to enter in their password as a means to establish identity as part of agreeing to the presented HR policies. Anyone who understands when and where passwords would be used can easily see this isn’t one of those times.

The scam is a good one – it uses evasive techniques to ensure delivery, establishes legitimacy and urgency, and quickly seeks to reach its malicious goal. Users that have undergone Security Awareness Training should be able to spot this as being a scam, keeping their credentials – and your organization – secure.


SOURCE: KnowBe4.com

Principal Owner, Law Firm

Our law firm uses IT360, Inc. for all of our technology needs. They not only provide outstanding service at a reasonable fee, but we consider them an integral part of our practice.

Principal Owner, Law Firm

Recent
Technology News

IT 360 News
Threats and Infrastructure

From Arctic Wolf SUMMARY On February 7, 2024, CISA issued an advisory detailing their discoveries concerning state-sponsored cyber actors linked to the People’s Republic of China (PRC). Notably, the PRC-affiliated threat actor, Volt Typhoon, is actively engaged in efforts to infiltrate IT networks, with the potential aim of launching cyberattacks on vital U.S. infrastructure in […]

Read more
IT 360 News
Multi-Factor Authentication

By Cybersecurity & Infrastructure Security Agency OVERVIEW Multi-factor authentication (MFA) is a layered approach to securing physical and logical access where a system requires a user to present a combination of two or more different authenticators to verify a user’s identity for login. MFA increases security because even if one authenticator becomes compromised, unauthorized users […]

Read more