Researchers have recently identified a new phishing campaign that attempts to harvest Office 365 login credentials by baiting employees with the promise of a pay rise.

Many users have become vigilant at spotting emails from service providers and other third parties whose messages seem 'too good to be true', such as gift cards, lottery wins and similar enticing offers, but those who do not apply the same scrutiny to what looks like internal communication could find themselves compromised by this latest phishing campaign.

 

Breaking Down the Threat

In this campaign, the criminals use relatively simple spoofing tactics, such as setting the email display name to look like the company's HR department, to make the message appear to come from inside the organisation. The actual sending address still gives the game away, but many recipients would never think to check the sender address on an email that appears to come from their own company, and mobile mail apps often hide that detail until the user specifically taps to reveal it. Note that because the mail is genuinely sent from a domain the attacker controls, SPF, DKIM and DMARC checks can all pass: those controls validate the sending domain, not the display name, so they do not stop this kind of spoofing.

 

Office 365 Phishing Scam Baits Employees with Salary Increase

 

As for the content of the campaign, the subject line instantly draws the target in with the promising 'EMPLOYEE SALARY NOV'19', and the body of the email opens with the company name in bold at the top of the page, a much simpler technique than customising each message with the right logo, but still effective. After addressing the target by first name only (another red flag), the message continues:

 

"As already announced, The year's Wage Increase will start in November of 2019
and will be paid out for the first time in December, with recalculation as of November"

 

Already users should be feeling some suspicion over the odd capitalisation and the fact that nobody remembers this original 'announcement', but, as we all know, blind optimism is rife in the run-up to Christmas, and that is exactly what the attackers are counting on.

Following this message, the email invites the target to 'view salary-increase-sheet-November-2019.xls'. Instead of opening a spreadsheet, the link sends the user to a spoofed Microsoft login page. This is a commonly used tactic, but this campaign raises the bar by pre-populating the target's email address on the fake page, leaving only the password field to fill in, which makes the page look like a routine re-authentication prompt rather than a fresh sign-in. A quick check that defeats it: hover over (or long-press) the link and compare the real destination with what the link text claims; a '.xls' that leads to a login page on an unfamiliar domain is a phishing page, whatever the email says.
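As an added example, not code from the original article or from any vendor product, the following Python script checks a constructed message modelled on this campaign for the three indicators described above: a display name that claims the company while the address is external, a link whose visible text looks like a spreadsheet but whose target is a web page elsewhere, and the recipient's address carried in that link so the fake login page can pre-fill it. The sender, recipient, domains and the `login_hint` parameter are all invented for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample message modelled on the campaign described in the article.
# Every address, domain and URL below is invented; none is a real indicator.
SAMPLE_EML = """\
From: "ACME Corp HR" <hr.payroll@example-mailer.net>
To: jane.doe@acme.example
Subject: EMPLOYEE SALARY NOV'19
Content-Type: text/html; charset="utf-8"

<html><body>
<p><b>ACME Corp</b></p>
<p>Hi Jane,</p>
<p>As already announced, The year's Wage Increase will start in November of 2019
and will be paid out for the first time in December, with recalculation as of November</p>
<p><a href="https://login-office365.example-phish.net/auth?login_hint=jane.doe%40acme.example">view salary-increase-sheet-November-2019.xls</a></p>
</body></html>
"""

DOC_EXTENSIONS = (".xls", ".xlsx", ".doc", ".docx", ".pdf")


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every anchor in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def html_body(msg):
    """Return the first text/html part of the message as a str ('' if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, "replace")
    return ""


def phishing_indicators(raw_eml, internal_domain):
    """Return a list of human-readable indicators found in a raw RFC 5322 message."""
    msg = message_from_string(raw_eml)
    findings = []

    # 1. Display-name spoofing: the From name claims the company, the address does not.
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    if sender_domain != internal_domain.lower():
        findings.append(f"external sender {address!r} shown as {display_name!r}")

    recipient = parseaddr(msg.get("To", ""))[1].lower()

    collector = LinkCollector()
    collector.feed(html_body(msg))
    for text, href in collector.links:
        parts = urlsplit(href)
        # 2. Link text that looks like a document but whose target path is not one.
        if text.lower().endswith(DOC_EXTENSIONS) and not parts.path.lower().endswith(DOC_EXTENSIONS):
            findings.append(f"link text {text!r} points to {parts.netloc}{parts.path}")
        # 3. Recipient's own address smuggled in the query or fragment, which is
        #    how a fake login page can pre-fill the username field.
        url_blob = unquote(parts.query + parts.fragment).lower()
        if recipient and recipient in url_blob:
            findings.append(f"recipient address embedded in link to {parts.netloc}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EML, "acme.example"):
        print("INDICATOR:", finding)
```

The checks deliberately stay independent of any blacklist: a freshly registered lookalike domain still trips the display-name and link-text checks, which is the point made in the next section about why signature-based filters miss these messages.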

 

How to Protect Your Accounts

Account takeover attacks of this kind are almost impossible for traditional email security solutions to detect: the emails carry no malicious software, and the messages and fraudulent links are usually created specifically for each new campaign, so they will not yet appear on any blacklist.

As mentioned throughout this article, there are typically some red flags that users can be trained to identify, allowing them to report the threat to their IT team before any accounts are affected. In fact, a phishing simulation study conducted across 400 companies found that user interactions with suspicious messages dropped from 35% to 0% after just four simulated emails.

On top of this, organisations can deploy AI-based defences to protect their inboxes from advanced, targeted attacks such as this example of account compromise. This technology differs from traditional methods in that, rather than relying on the detection of known malware strains or blacklisted domains, it learns the usual communication patterns of a company and flags behavioural anomalies such as an unusual request or a sender address that does not match the person it claims to be.

 

As best practice we recommend that organisations use both of these approaches together for optimal defence, which you can read more about in our article Complete Office 365 Protection in 5 Layers; details of each individual service are below.

 

Barracuda Sentinel: AI-based protection from spear phishing, account takeover, and business email compromise.

Barracuda PhishLine: anti-phishing training and simulation platform.