Email Phishing

Phishing Banner

Email Phishing

Part 4 of 4

Following on the heels of the previous phishing emails, this one is supposedly a HUMAN RESOURCE INTERNAL MEMO, and yep, you guessed it, I’m getting a raise., Yahoooooo!!! It’s about time, lol.

Hr Internal Memo
Human Resources Internal Memo

Clicking on the Salary Compensation Report button redirects https://assets-apj.mkt.dynamics.com/######-2d38-ef11-a311-000d3aa0ee9f/digitalassets/standaloneforms/4fd1fc55-4a4b-ef11-a316-000d3aa16cf4#joe@simplywebservices.com which then redirects to https://storage.bhs.cloud.ovh.net/v1/AUTH_d######90534b0e870bed5324cde759/
humanresources/hr-alert.htm#

to a very fancy, animated, and interactive page, where I’m supposed to put in my email username and password.  (I obfuscated the URLs to protect the innocent)

Email Address

Once I input my username and password (yeah, like I put in my real password), I was redirected to the Simply Web Services home page.

Phishing lessons learned

  1. We will not send you notice that emails are stuck in the queue
  2. We will not send you a link to empty your inbox if it is full. We will contact you, but we will not send you a link unsolicited
  3. Sorry, but there are no salary increases for clients this year, lol
  4. We are not currently using MS Teams to communicate with clients.
Let’s Go Phishing – Part 1
Weekend Phishing Trip – Part 2
Phishing Team – Part 3
Email Phishing – Part 4