As we’re approaching the end of 2019 it’s the time of year where we would all appreciate a raise or bonus to help with holiday expenses. Well, the scammers are savvy to our psychology and this latest scam is particularly seductive as it uses the lure of a wage increase to entice employees to give out their Microsoft Office 365 username and password.
The spoofed email is similar to other phishing attacks, only this one this one appears to come the HR department regarding a company-wide pay increase to which the intended victim is entitled. If you think about it, it’s not all that uncommon especially for large companies to increase salaries throughout the year. So, it’s not too far a stretch for this kind of email to appear in an employee’s mailbox. Here’s what it looks like:
The link looks like it points to a company Sharepoint Excel file but instead takes you to a fake Microsoft login page with your email address already filled in. All you need to do is enter your password and the criminal is into your account. It’s as easy as that.
The good news is that this phishing scam follows a similar formula to its predecessors. This means that if you and your employees are trained and have continuous education on how to recognize and not fall for phishing attacks, this won’t affect your organization. We call this the Human Firewall. It’s because we can set you up with the best protection technology money can buy and it will not block 100% of scammers from getting into your inbox (while still staying practical).
Not sure where to start with employee training? Feel free to reach out, we can help with that.
Stay safe out there.