Annual HR tasks exploited in credential theft campaigns

11 January 2024

BleepingComputer reports that major organizations are having their employees targeted by new phishing attacks exploiting messages concerning annual Human Resources department tasks to facilitate credential exfiltration activities. Malicious emails purporting to be update notifications for 401(k) plans are being distributed by threat actors masquerading as HR staff, who have increasingly integrated QR codes within the messages that redirect to a credential harvesting site, according to a Cofense report.

Source: SC Magazine

Date:

11 January 2024

Categorie(s):

NEWS

Tag(s):

Annual, HR, Identity Theft, IT, Phishing

A million Australian pubgoers wake up to find personal info listed on leak site2 May 2024
Women rising in cybersecurity roles, but roadblocks remain2 May 2024
AI-driven phishing attacks deceive even the most aware users2 May 2024
Panda Restaurant Corporate Systems Hacked: Customer Data Exposed2 May 2024
NSW club patrons advised to replace ID documents after leak of more than a million records2 May 2024