Phishing, Email security

Annual HR tasks exploited in credential theft campaigns

BleepingComputer reports that employees at major organizations are being targeted by new phishing campaigns that use routine annual Human Resources tasks as lures for credential theft. According to a Cofense report, threat actors posing as HR staff are sending emails purporting to be 401(k) plan update notifications, and have increasingly embedded QR codes in the messages that lead to a credential-harvesting site. QR codes have also appeared in emails that use salary adjustments as the lure. Attackers were also observed attempting to steal employee credentials with fraudulent emails about open enrollment for health insurance and retirement plans, employee evaluation reports, and satisfaction surveys. Because these scams are increasingly reaching inboxes even at organizations with robust email security, researchers said HR departments should send such communications on a set, announced schedule and should remove QR codes, which attackers commonly abuse, from official business communications.
