Phishing attacks are becoming increasingly sophisticated, and the latest strategy targeting employees highlights this evolution.
This new phishing attempt impersonates a company’s Human Resources (HR) department, presenting a significant threat to corporate security.
In this article, we’ll dissect the recent phishing tactic and provide detailed insights to help you recognize and avoid falling victim to such scams.
The Deceptive Email: A Closer Look
According to the Cofense reports, a phishing email is meticulously designed to look like official communication from a company’s HR department.
It arrives in employees’ inboxes with a subject line that immediately grabs attention: “Modified Employee Handbook For All Employees – Kindly Acknowledge.”
This subject line creates a sense of urgency, prompting recipients to open the email and engage with its contents without hesitation.
The email’s layout and language further enhance its perceived legitimacy.
It opens with a formal greeting and presents a message in a structured format typical of corporate communications.
The language used is professional, clear, and direct, mimicking the tone and style that employees would expect from an HR department.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files
The body of the email includes formal language and directives typical for corporate communications.
It begins with a polite greeting and swiftly transitions into a directive to review a revised employee handbook.
The email stresses the importance of compliance by a specific deadline, typically by the end of the day, fostering a sense of urgency and importance among recipients.
The Phishing Page: A Deceptive Trap
The primary goal of this phishing email is to lure recipients into clicking on the embedded hyperlink and trick them into entering their credentials on a fake login page.
By appearing to originate from a trusted source (HR department), the email leverages authority and urgency to persuade recipients to take immediate action without questioning the authenticity of the request.
The email contains a hyperlink with the heading, “HR COMPLIANCE SECTION FOR REVISED EMPLOYEE HANDBOOK.”
Clicking on this link takes you to a page that mimics a legitimate document hosting site. Here, you are presented with a “PROCEED” button to continue.
Upon clicking the “PROCEED” button, you are redirected to a page that appears to be branded by Microsoft.
This is where the phishing attack becomes more sophisticated.
The page asks for your Microsoft username and looks very convincing.
The threat actor’s strategy is to gain your trust by presenting a legitimate-looking website where you are prompted to log in with your company’s Microsoft credentials.
Here’s a detailed breakdown of what happens next:
- Capture of Credentials: When you enter your company email address and press next, you are redirected to what looks like your company’s Microsoft Office 365 login page.
- Error Message: After entering your username and potentially your password, you receive an error message stating, “There was an unexpected internal error. Please try again.” This message is a ruse.
- Redirection to Legitimate Login Page: You are then redirected to your actual company’s SSO/Okta login page, and the victim will likely not even realize the URL changed. In the meantime, the threat actor has captured your username and password from the login attempt.
To protect yourself and your organization from such sophisticated phishing attacks, it is crucial to stay vigilant and follow these preventive measures:
- Verify the Source: Always verify the sender’s email address and look for any inconsistencies.
- Hover Over Links: Before clicking on any link, hover over it to see the actual URL.
- Report Suspicious Emails: Immediately report any suspicious emails to your IT department.
- Regular Training: Participate in regular cybersecurity training sessions to stay updated on the latest phishing tactics.
By staying informed and vigilant, employees can play a crucial role in safeguarding their organization against these evolving phishing threats.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo