skip to Main Content
+44 (0) 1628 308038

Office 365 Phishing Campaign Baits Employees with Pay Raises

Phishing Campaign

Pay raises were used by scammers to bait employees in a recent phishing campaign that tried to trick them into handing out their Microsoft Office 365 account credentials.

The attackers posed as their targets’ Human Resources department and asked them to open an Excel spreadsheet with a salary-increase-sheet-November-2019.xls filename hosted online and supposedly containing a list of salary increases.

“The threat actor attempts to make the email appear to come from the target company by manipulating the ‘from’ field in the headers,” researchers at the Cofense Phishing Defense Center (PDC) found.

“In particular, the threat actor changes the part of the from field that dictates the “nickname” displayed in the mail client to make it appear as if it originated within the company.”

Phishing email sample
Phishing email sample (Cofense)

The phishing email’s body uses the following phrase as an incentive to click on the embedded link as Cofense also discovered: “As already announced, The Years Wage increase will start in November 2019 and will be paid out for the first time in December, with recalculation as of November.”

However, instead of opening the spreadsheet with payment raises, the link will redirect the potential victims to the attackers’ phishing landing page hosted at hxxps://salary365[.]web[.]app/#/auth-pass-form/.

Once the phishing page loads, the targets will see a fake Office 365 login page customised to display their email address and only asking them to input the password to sign in.

“The recipient email address is appended to the end of the URL that automatically populates the email box within the form, leaving just the password field blank to be submitted by the recipient,” Cofense also found.

Having the targets’ email prominently displayed in the phishing page adds to the illusion that they’re seeing a legitimate Office 365 login form, further decreasing the chance of raising any alarms.

New-school security awareness training with realistic phishing simulations can help your employees identify both simple and sophisticated attacks. With thanks to the Cyber Defence Alliance and The full story is here:

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST Results

Here’s how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)

Customise the phishing test template based on your environment

Choose the landing page your users see after they click

Show users which red flags they missed, or a 404 page

Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management

See how your organisation compares to others in your industry

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

Close search


Back To Top