Back to All Attacks
Attack Details
Attack Date:
Apr 18, 2022

OneDrive COVID-19 Employee Incentive Fake Document Credential Phishing Attack

Initial Email Content

Subject
Updated May salary review (Final Post-Covid-19 listing)
Body

Dear [Recipient Username],

  

  As already announced, The year's Wage increase will start in May of 2022

  and will be paid out for the first time by August, with recalculation as of May.


  


     

      View salary-increase-sheet-May-2022.Scan-103500010302022.pdf


  

  You will be informed of the details in advance by letter from the HR department.


  regards

  [Recipient Domain] Management

Attack Screenshots

No items found.

Malicious Artifacts

Additional Indicators of Compromise

Type

Description

No items found.

Attack Description

This link-based attack impersonates OneDrive and an employee using a self-addressed spoofed email, a COVID-19 theme, an employee incentive theme, and a fake document theme to steal credentials.

Analysis Overview

Tactic
Self-Addressed Spoofed Email
Goal
Credential Theft
Impersonated Party
Employee - Other
Vector
Link-based
Theme
COVID-19
Employee Incentive
Fake Document
Language