New Phishing Attacks Pose As Updated HR Policy Announcements In The New Year

Crane Hassold, Director of Threat Intelligence at Abnormal Security, is seeing bad actors exploit the transition to the new year by sending out phishing campaigns containing themes of updated human resources (HR) policy announcements to steal employee credentials.

Abnormal Security has looked at campaigns incorporating these themes, and has published a report discussing why the content of these phishing attacks could result in a higher success rate, and providing recommendations about how organizations can better protect themselves from similar attacks.

  1. The first attack, which was link-based, imitated a company HR email announcing the release of a new employee handbook. The email included a link to a phishing page meant to steal an employee’s name and email credentials.
  2. The second attack, which was payload-based, posed as an announcement from the company HR team about updates to the company’s benefits package and asked the recipient to review a supposed updated handbook, which opened a phishing page to steal account credentials.

You can read the full report here.
