Annual HR tasks exploited in credential theft campaigns

BleepingComputer reports that major organizations are having their employees targeted by new phishing attacks exploiting messages concerning annual Human Resources department tasks to facilitate credential exfiltration activities. Malicious emails purporting to be update notifications for 401(k) plans are being distributed by threat actors masquerading as HR staff, who have increasingly integrated QR codes within the messages that redirect to a credential harvesting site, according to a Cofense report.

Source: SC Magazine

 


Date:

Categorie(s):