When you think scammers couldn't get any lower, they find new ways to prove you wrong. Recently, a new phishing email scam has arisen in the wild; this one baiting potential victims with the possibility of pay raises.
The scammers structured their email so that they appeared to come from the Human Resources department of their victims' companies.
They asked the recipient of their phishing email to open an Excel spreadsheet bearing the name "salary-increase-sheet-November-2019.xls."
The email body explained that "The Years Wage increase will start in November 2019 and will be paid out for the first time in December, with recalculation as of November." Emails, such as this, tend to catch most people's attention. After all, who doesn't want a raise, right?
If a recipient clicks on the link, he or she must provide Office 365 login credentials to see the file. Of course, the file contains dummy data and has nothing to do with getting a raise; it's merely a useful hook to get an unwitting user to hand over their credentials.
The scammers not only constructed a convincing-looking email, but the Office 365 login screen looks exactly like a legitimate login screen. The emails the scammers provide goes far in explaining the campaign's unusually high success rate.
The researchers who have been following the issue urge Office 365 users to enable multi-factor authentication via Office 365 or a third-party solution. They also encourage business owners to enroll their staff in phishing awareness training programs designed to help employees spot and report phishing scam email attempts more easily.
You may protect your company and employees by practicing five tactics against a phishing scam:
- Eliminate pop-ups
- Add Anti-phishing software such as Webroot
- Train your staff on email phishing scams
- Stay up-to-date on phishing scams
- Increase firewall protection
Be on high alert for this one. So far, it has proved to be a highly effective campaign.