Office 365 Phishing Scam Lures Employees with Promise of Pay Raise

The promise of a pay rise is an enticing offer, and one that scammers used in a recent phishing campaign to harvest Microsoft Office 365 account credentials from multiple people.

The scammers posed as the target company’s human resources department and sent out an email linking to an Excel spreadsheet titled ‘salary-increase-sheet-November-2019.xls’. The email suggested that the file listed salary increases for the company’s employees. Instead of taking the user to a shared folder, the link led to an external website.

The attacker made the email appear genuine by manipulating the “from” field of the message. They changed the from address so that it genuinely seemed to come from within the company, and also set the display name (“nickname”) field to match.

Even the Most Vigilant Could Have Fallen for This Scam

The formal content of the email could very well have come from a company’s HR department, with an opening statement of “The year’s wage increase will start in November of 2019 and will be paid out for the first time in December, with recalculations as of November.” A seemingly official statement from within your own company promising an increase in your pay is more than enough to get you to click on the external link, as the scammers knew.

Even clicking on the link would not alert a victim to the scam. The external link showed a Microsoft login page, just as when accessing a shared file. The victim’s email address was already filled in, with only the password left for the user to enter, again mirroring what happens when accessing a Microsoft shared file and further adding to the illusion.
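The two tells described above, a “from” address claiming the company’s own domain while the message actually arrived from elsewhere, and a file-sharing lure whose link resolves to an external host, can both be checked mechanically at the mail gateway. The following triage routine is an added example, not code from the article or the campaign; the company domain, the trusted sharing hosts and the raw message are constructed assumptions.

```python
"""Heuristic triage of a suspicious email, modelled on the HR pay-rise lure.
Constructed sample message and domain names (example.com, the sharing hosts)
are assumptions for illustration, not data from the reported campaign."""
import re
from email import message_from_string, policy

COMPANY_DOMAIN = "example.com"  # assumption: the targeted company's own mail domain
TRUSTED_SHARE_HOSTS = {"example.sharepoint.com", "example-my.sharepoint.com"}  # assumption

# Constructed raw message, not a real sample from the campaign.
SAMPLE_MSG = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net
From: "HR Department" <hr@example.com>
To: employee@example.com
Subject: salary-increase-sheet-November-2019.xls
Content-Type: text/html

<p>The year's wage increase will start in November of 2019.</p>
<a href="https://login-share.example.net/view?id=1">salary-increase-sheet-November-2019.xls</a>
"""

def triage(raw):
    """Return the reasons a message looks like a spoofed internal email (empty if none)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    addresses = msg["From"].addresses if msg["From"] else ()
    from_domain = addresses[0].domain.lower() if addresses else ""
    rp = re.search(r"@([^>\s]+)", msg.get("Return-Path", ""))
    rp_domain = rp.group(1).lower() if rp else ""
    auth = msg.get("Authentication-Results", "").lower()
    # Header "from" claims the company, but the envelope sender is a foreign domain.
    if from_domain == COMPANY_DOMAIN and rp_domain and rp_domain != COMPANY_DOMAIN:
        reasons.append(f"From claims {COMPANY_DOMAIN} but Return-Path is {rp_domain}")
    # Header "from" claims the company, but the sending host failed SPF.
    if from_domain == COMPANY_DOMAIN and "spf=fail" in auth:
        reasons.append("From claims internal domain but SPF failed")
    # Any link whose host is not an approved file-sharing service is flagged.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    for href, text in re.findall(r'href="([^"]+)"[^>]*>(.*?)</a>', body, flags=re.S):
        host = re.sub(r"^https?://", "", href).split("/")[0].lower()
        if host not in TRUSTED_SHARE_HOSTS:
            reasons.append(f"link text '{text.strip()}' points to untrusted host {host}")
    return reasons

def is_suspicious(raw):
    """True when at least one spoofing or external-link indicator is present."""
    return bool(triage(raw))
```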

Examination of the external link in the received email suggests that a variety of industries were targeted: finance, medical, insurance, energy and telecom are among the fields hit by this scam. Staff in every sector, not just these, should be aware of phishing scams and how to spot them. The company itself can also implement multi-factor authentication as an extra layer of protection.