Pay raises were used by scammers to bait employees in a recent phishing campaign that tried to trick them into handing out their Microsoft Office 365 account credentials. The attackers posed as their targets’ Human Resources department and asked them to open an Excel spreadsheet with a salary-increase-sheet-November-2019.xls. Instead of opening the spreadsheet with payment raises, the link will redirect the potential victims to the attackers’ phishing landing page hosted at hxxps://salary365[.]web[.]app/#/auth-pass-form/.
Source: https://www.bleepingcomputer.com/news/security/office-365-phishing-campaign-baits-employees-with-pay-raises/

