Were You Offered a Salary Raise via Email? Do Not Celebrate Just yet Because It Might Be a Scam

Phishing scams come in all forms and sizes, and while some of them are pretty obvious and can be spotted from a mile away, others are more sophisticated and can be used to scam even the more cautious people. The salary increase scam we are discussing in this report is not necessarily extremely sophisticated, but it exploits people who might be expecting a raise or who might be desperate for a bigger pay by the end of the month. When an offer to get a bigger salary comes one’s way, caution might be put to the side. If you continue reading this report, we are sure that you will be able to spot salary phishing scams in the future, and so if you are curious, you should continue reading.

Beware of salary-increase-sheet-[month]-[year].xls and similar files

If you have received a strange email with a file named salary-increase-sheet-[month]-[year].xls attached to it, you need to report it, take note of the sender, exit the message, and then quickly delete it from your inbox. By reporting this phishing scam email, you call the attention of your email provider, who should be able to analyze the message and then prevent the same sender from attacking other potential recipients. The Cofense Phishing Defense Center first discovered the scam in October of 2019, and so the file was named salary-increase-sheet-November-2019.xls. Of course, changing the month and the year in the name of the file is very easy to do, and so we can expect to see a different month and year used in the future to make the phishing scam more believable. According to the researchers who discovered the scam, the phishing scam email is set up in a way so as to trick the recipient into thinking that they have received the message from their employer. The message inside informs that the recipient was added to the list of people whose salaries were increased.

The goal behind the message is to make the recipient click the .XLS attachment, but if that is done, the recipient is automatically routed to salary365.web.app/#/auth-pass-form, a phishing website set up to extract Office 365 login credentials. The page mimics a Microsoft login page, and less cautious victims of the phishing scam might be tricked into disclosing a highly sensitive combination of email address and password. The email address, of course, is already something that the attackers know, and it is even included in the full URL of the malicious salary365.web.app link. Of course, the attackers behind this scam could set up new websites and even use a modified version of the phishing scam we are discussing right now to trick more people into disclosing Office 365 login credentials. It is up to you to identify whether or not the email is real, and if you ever suspect foul play, you should check in with your tech-support team or the human resources department. The cybersecurity specialist in your company will be able to confirm a phishing scam, and your HR department will be able to confirm whether or not your salary was raised.

What to do if you were tricked into disclosing Office 365 login credentials?

The first thing you want to do is report the incident to whoever is responsible for cybersecurity in your company. They are paid to deal with these kinds of problems, and they will be able to assess the situation and present you with the right solution the quickest. You want to have the issue resolved quickly because if devious cybercriminals can take over your Microsoft account, they could try to access your company’s resources or send malicious emails to all of your colleagues. The situation is not as dire if 2-factor/multi-factor authentication has been set up. If you have no idea what we are talking about, we invite you to read this report. The bottom line is that if you have 2FA or MFA set up, cybercriminals might be unable to hijack your account even if they know your Office 365 login credentials.

How to set up two-factor authentication for Office 365

  1. Go to https://login.microsoftonline.com/.
  2. Enter your login details and then click Sign in.
  3. Click the Set it up now button.
  4. Enter Additional security verification information and click Next.
  5. Verify yourself using the verification code sent to you in the chosen manner.

To set up multi-factor authentication, follow this guide.

#1 tip for phishing scam victims

If you have fallen for the vicious salary increase phishing scam, the most important thing you need to do right away – besides contacting the cybersecurity team in your company, if that applies – is to change your password. Even if you have two-factor or multi-factor authentication enabled, your password is the weak link, and this link must be upgraded immediately. At the end of the day, even two-factor authentication is not invincible, and so you need to react to successful phishing scams fast. You can reset your password here, but do not change it mindlessly. If you add a number or a symbol to your old password, it will remain vulnerable. If you replace it with something weak, you will not increase your security either. What you need is a long, unique, and complex password, and if you cannot come up with one yourself, we advise employing a tool that will do it automatically. Cyclonis Password Manager has an integrated Password Generator that makes it extremely easy to create the strongest password possible. If you are interested, click the Try FREE 30-Day Trial Now button on the right.

In the future, you need to remember to be very careful about the emails you receive. Whether it is your work email account or your personal email account, if you just open every email you receive and then interact with it mindlessly, you could expose yourself to all kinds of phishing scams. Note that ransomware is often spread using misleading emails too, and so you need to be extra cautious. Check the sender, look for strange, out of the ordinary elements, think about whether or not the email makes sense to you, and, of course, be extra cautious about links and file attachments that could be introduced to you. If you secure your accounts and keep an eye out for strange emails, you might be able to escape scams.

January 14, 2020

Leave a Reply