Kaspersky has identified an advanced phishing campaign targeting employees with personalized emails and attached documents disguised as HR policy updates. This campaign marks a significant escalation in phishing tactics, with attackers tailoring not only the email body, but also the attachments by addressing individual recipients, showcasing an unprecedented level of customization.
The goal was to lure the victim into entering their corporate email credentials. The attackers likely prepared by parsing employee names to make the campaign targeted and more convincing. The emails feature a deceptive body: a fraudulent “verified sender” badge to build trust, the recipient’s name, and an invitation to open the attached file to review remote work protocols, benefits administration and security standards. However, the whole email body is in reality just an image with no real text in it; this is done to bypass email filters.
The body of the fraudulent email is made of an image, not text
The attached document, posing as an updated “Employee Handbook,” does not contain any actual guidelines – only a title page, a table of contents with the items that have supposedly been changed highlighted in red, a page with a QR code, supposedly for going to the full document and common instructions on how to read QR codes using a phone. The document features the victim’s name multiple times to convince that this document was created specifically for them.
The alleged “Employee handbook” attached file
If the victim scans the QR code and follows the link, they land on a fraudulent page where they are asked to enter their corporate credentials, which is what the attackers are hunting for.
“This campaign demonstrates a new level of sophistication in phishing attacks, and we may be seeing a new mailing automation mechanism that generates a separate attached document and a separate image for the email body for each recipient. This tactic allows to scale the attack and at the same time possibly evade traditional defenses. Organizations must prioritize advanced security measures and employee education to stay ahead of these threats,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky.
To stay safe, Kaspersky recommends:
- Utilize specialized security solutions at the corporate mail server level to detect and block phishing attempts.
- Ensure all employee devices, including smartphones, are equipped with robust security software.
- Conduct regular training on modern phishing tactics.
-
Encourage employees to scrutinize emails for signs of phishing, such as image-based text or mismatched document titles, and to verify requests directly with HR
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
