Bad actors will always find new ways to entice their targets to click a link or open an attachment. Typically, they use fear and urgency to persuade the end user to fall into their trap. But recently a new scam has come to light and is attempting to exploit their target’s curiosity.
These criminals are posing as the Human Resources department of your company and sending emails regarding upcoming pay increases or changes to next years benefits. The bodies of these emails will consist of verbiage like:
This years wage increase will start in December
View the salary increase sheet by clicking the link below.
New benefits for the upcoming year.
Both scams have the same goal, to steal your password. If clicked, the provided link will redirect users to a fraudulent Office 365 sign in page in hopes that the target inputs their password. The Office 365 page will often have the email address of the targeted user already populated in the username box to add a sense of legitimacy to the ruse.
(example of the fake Office 365 page with the username pre-populated)