Sat. Jun 6th, 2020

New Office 365 Phishing Campaign Uses Pay Raise to Lure Users

When we think about cybercriminals, many words come to mind — malicious, persistent, creative. Yes, creative, you read that right.


How creative are they?


Cybercriminals are baiting employees with pay raises in a new Office 365 phishing campaign, Bleeping Computer reports.


According to researchers at Cofense Phishing Defense Center, the attackers pose as their target’s Human Resources Department and ask victims to open an Excel spreadsheet with the file name salary-increase-sheet-November-2019.xls.


The body of the email further entices victims to click the link with the phrase:

“As already announced, The Years Wage increase will start in November 2019 and will be paid out for the first time in December, with recalculation as of November.”


However, as is the case with phishing campaigns, when victims click on the “spreadsheet,” they are redirected to the phishing landing page, which is hosted at: hxxps://salary365[.]web[.]app/#/auth-pass-form/


The phishing landing page is designed to look like the Office 365 login page and is customized to display the victim’s email address, so targets only have to input their password to sign in.

“Having the targets’ email prominently displayed in the phishing page adds to the illusion that they’re seeing a legitimate Office 365 login form, further decreasing the chance of raising any alarms.”


So, if your organization uses Office 365, Rapid7 recommends the following techniques to minimize your chances of being tricked by malicious actors:


  • Enable multi-factor authentication via Office 365 or a third-party solution for all employees
  • Enroll staff in phishing awareness programs designed to help employees spot and report phishing attempts more easily
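
A mail-filtering check for the lure described above, added here as an example (it is not code from Cofense, Rapid7 or the original report): it flags links whose visible text names an Office document while the target URL does not serve that file. It assumes the lure is an HTML anchor labelled with the file name; the sample message and the `.example` hosts are constructed, and only the file name and the `#/auth-pass-form/` fragment come from the report.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that looks like a document file name, e.g. "report.xls".
DOC_NAME = re.compile(r"[\w.\-]+\.(?:xlsx?|docx?|pptx?|pdf)\b", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:       # text inside an open <a>, nested tags included
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_document_links(html_body):
    """Return anchors labelled as a document whose URL path is not that document."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        match = DOC_NAME.search(text)
        if not match:
            continue
        label, target = match.group(0).lower(), urlsplit(href)
        if not target.path.lower().endswith(label):
            findings.append({"label": label, "host": target.hostname,
                             "fragment": target.fragment})
    return findings

# Constructed sample: one lure-style link and one genuine file link.
SAMPLE_EMAIL_HTML = """
<p>As already announced, The Years Wage increase will start in November 2019.</p>
<a href="https://payroll-portal.example/#/auth-pass-form/"><b>salary-increase-sheet-November-2019.xls</b></a>
<a href="https://intranet.example/files/holiday-schedule.xls">holiday-schedule.xls</a>
"""

if __name__ == "__main__":
    for finding in mismatched_document_links(SAMPLE_EMAIL_HTML):
        print(finding)
```

A hit is a triage signal rather than a verdict: some legitimate file-sharing links also point at a viewer page instead of the file itself.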