- Hackers launch BEC scams using HR bonus-themed emails with QR codes
- Victims redirected to fake login pages via mobile devices for credential theft
- The campaign displays advanced evasion tactics, exploiting major seasonal and global events.
Be careful when receiving emails from your company about year-end bonuses – they could be a scam.
Now that companies are considering bonus allocations, performance reviews, and benefit enrollment processes, hackers are taking advantage to try to steal people’s workplace passwords and login credentials.
Security researchers at Mimecast have warned that emails with subject lines like “Let’s finish the year strong: fill out your bonus form” are already circulating. These are business email compromise (BEC) campaigns: the emails originate from compromised email accounts belonging to the Human Resources (HR) department of the victim organization.
Move victim to mobile
Emails are sent to other employees in the same organization and carry official branding and logos.
Attached to the messages are PDF files with a QR code that the victim is supposed to scan with their mobile device. The campaign's first objective appears to be moving the victim from the PC to the mobile environment, where security is not as strong as on a desktop platform.
Once the victim picks up their mobile device and scans the QR code, they are redirected through multiple sites and finally reach a page where they must log in to their trading accounts.
“This campaign demonstrates operational maturity through the use of geographically distributed compromised accounts, mobile device filtering, and CAPTCHA bypass techniques to evade detection,” Mimecast explained.
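A mail-triage heuristic for the pattern described above, as an added example that is not Mimecast's or the article's own code: it flags messages that combine a bonus-themed subject with a PDF attachment containing an image and no text. The lure keywords, the `example.com` domain, the function names and the sample PDFs are all assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lure vocabulary, seeded from the subject line quoted in the article.
LURE = re.compile(r"\b(bonus|performance review|benefits? enrol+ment|year[- ]end)\b", re.I)

def pdf_is_image_only(data: bytes) -> bool:
    """Heuristic: an embedded image but no fonts, so a text/URL scanner sees nothing.
    PDFs that pack objects into compressed streams need a real PDF parser instead."""
    compact = data.replace(b" ", b"")
    return b"/Subtype/Image" in compact and b"/Font" not in compact

def triage(raw: bytes, org_domain: str) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    pdfs = [p.get_content() for p in msg.iter_attachments()
            if p.get_content_type() == "application/pdf"]
    signals = {
        # A compromised internal mailbox passes SPF/DKIM/DMARC, so an internal
        # sender raises priority here rather than trust.
        "internal_sender": sender == org_domain.lower(),
        "lure_subject": bool(LURE.search(str(msg["Subject"] or ""))),
        "image_only_pdf": any(pdf_is_image_only(d) for d in pdfs),
    }
    signals["review"] = signals["lure_subject"] and signals["image_only_pdf"]
    return signals

# --- constructed sample data (not real campaign artifacts) ---
QR_PDF = b"%PDF-1.4\n1 0 obj<</Type /XObject /Subtype /Image /Width 300 /Height 300>>endobj\n%%EOF"
TEXT_PDF = b"%PDF-1.4\n1 0 obj<</Type /Font /Subtype /Type1 /BaseFont /Helvetica>>endobj\n%%EOF"

def build_sample(subject: str, pdf: bytes) -> bytes:
    m = EmailMessage()
    m["From"] = "HR Team <hr@example.com>"
    m["To"] = "staff@example.com"
    m["Subject"] = subject
    m.set_content("Please complete the attached form.")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="form.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Let's finish the year strong: fill out your bonus form", QR_PDF)
    print(triage(lure, "example.com"))
```

Messages that set `review` are candidates for holding until the attachment's QR code has been decoded and its destination checked on the gateway side.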
Cybercriminals regularly use important events and dates in their campaigns to increase their perceived legitimacy and thus steal more credentials. These include tax season, the holiday season, Black Friday, and, obviously, year-end performance reviews.
They also take advantage of important events, such as the FIFA World Cup, the Olympic Games or the US presidential elections.




