Cybercrooks entice unsuspecting phishing victims with fabricated wage increases and bonuses as bait
In the digital landscape, threat actors are continually devising new tactics to trick unsuspecting victims. A recent trend involves the use of current events and emotional triggers to create enticing social-engineering lures, as reported by cybersecurity firm Proofpoint.
These lures, often disguised as HR emails, promise salary increases, benefits changes, or updated employee handbooks, aiming to elicit a click without careful judgment. The turn of a new calendar year, with its multiple HR-related updates for professionals, provides a prime window for these social-engineering campaigns.
Proofpoint assesses, with medium confidence, that a series of EvilProxy framework campaigns are attributable to the same threat actor. However, these activities do not align with any of the firm's currently named threat actors. The likely focus of this perpetrator has been credential theft and account takeover, targeting financial institutions, cryptocurrency platforms, and social media accounts since August 2022.
Abnormal Intelligence has also observed a link-based credential phishing attack posing as an internal HR announcement. When clicked, the attachment opens a phishing page that mimics a Microsoft login page with a pre-populated corporate email address.
Email subject lines and messages have contained various themes, including pay raises, missing timesheets, password resets, above-limit expense claim figures, and corporate cybersecurity training. Some of these emails were routed through a traffic direction system that redirected to the EvilProxy phishing framework to compromise Microsoft accounts.
Threat actors repeatedly exploit Multi-Factor Authentication (MFA) via phishing or social-engineering attacks. The EvilProxy phishing framework has been a popular MFA phishing-as-a-service kit since August 2022.
Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, including the question of whether they are a target. These phishing campaigns could result in the compromise of sensitive corporate data and systems, underscoring the importance of vigilance and education in the digital world.
Recent reports by Proofpoint and Abnormal Intelligence detail these ongoing HR-themed phishing campaigns, highlighting the need for organisations to stay informed and protect their digital assets.