Weekend Phishing Trip

Phishing Banner

Weekend Phishing Trip

Part 2 of 4

According to my email, I’m getting an increase in my salary, nice! 

It looks like I’m being Spear Phished for some reason, but they didn’t do their homework on me, as the first email, I got earlier (see previous post) doesn’t account for me being the admin of the server.

This latest phishing email doesn’t account for me being on the payroll team either.

Phishing Email
Scheduled Increase in salary

The link in the email redirects me to https://hardbin.com/ipfs/QmcyZ8MMHEWF9EvWJKMGSGBnmMYMmRrSkMCsX3jMwN4kdP/
index2gse####.html#joe@simplywebservices.com. (I obfuscated the URLs to protect the innocent)

I couldn’t go any further as the website had already been removed and replaced with the below banner.

Payroll Phishing Banner

I do have to applaud them minus not knowing much about our company, they did do a nice job crafting the email, to include it coming from Simplywebservices Account Payable. Including an unsubscribe link was a nice too. It redirects to the same URL as the above salary report does.

I find it strange that they want me to look at the report on salaries and find mine. Does that mean that everyone else’s is listed on the report?

Let’s Go Phishing – Part 1 Weekend Phishing Trip – Part 2 Phishing Team – Part 3 Email Phishing – Part 4