Kaspersky Lab experts have discovered an advanced phishing campaign in which attackers send personalized emails to employees of organizations under the guise of instructions from the HR department.
According to experts, cybercriminals are trying to steal logins and passwords from corporate email accounts in this way. The peculiarity of this campaign is that not only the texts of the letters are individualized, but also the attachments.
In the detected mailings, the recipient is addressed by name both in the letter itself and in the attached file, which the potential victim is invited to read. The document allegedly contains information about remote work protocols, security standards, and available benefits for employees. To lull the recipients' vigilance, the attackers add a fake "verified sender" mark to the body of the letter. However, the entire message is not text, but an image. Attackers use this technique in an attempt to bypass email filters.
The Lab reported:
In reality, the attached file called "Employee Guide" does not contain the promised information - only the title page, table of contents and a section with a QR code, which allegedly leads to the full version of the instructions. Phrases have been added to the guide to convince the user that this document is definitely for him.
If the victim scans the QR code and follows the link, they will be taken to a fake page that mimics the authorization form for Microsoft services, where they will be asked to enter their login and password for their corporate email. In this way, attackers are trying to steal this data.
