The IRONSCALES research team has recently identified a social engineering phishing scam that leverages confusion and disinformation about people and corporate COVID vaccine requirements to trick victims into providing their Microsoft Outlook credentials to the attackers.
In this attack, the threat actors send a phishing email to the victims at a specific company under the guide of being from the company’s HR team. The phishing email contains a form that employees are directed to complete to provide their COVID vaccination status in order to prevent being hit with “significant fines”. Given the threat of financial consequences for non-compliance, victims are likely to take action on the phony request.
In this attack, the payload is a fake landing page that appears very similar to a legitimate Microsoft Outlook landing page. Should the victim enter their credentials the attackers will be able to harvest their details and use them as a launching pad for further nefarious activities.
IRONSCALES was able to identify the attack in several ways. First, our visual scanner (i.e. “Computer Vision”) was able to detect that the Outlook login page was not legitimate. Our AI was also able to recognize language within the phishing email that was suspicious (particularly the urgent tone in the email. Finally, our platform identified a discrepancy between the name in the Sender field and the name used to sign the email. All these indications of suspected phishing resulted in the IRONSCALES platform automatically flagging the email for further investigation.
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today.