DarkOwl Cybersecurity and other information security companies are currently researching an influx of spear phishing campaigns targeting Human Resources departments. The malicious individuals are forging a seemingly legitimate email from the company’s CEO, in an attempt to obtain employee W-2s and other personally identifiable information (PII).
What we know
- The attackers are organized and using open source intelligence (OSINT), likely leveraging professional social networking sites to gather the details that make their emails appear legitimate.
- It appears that executive leadership is being targeted.
- The malicious individuals are spoofing the sender email address and using the email “Reply-To” field to redirect replies.
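The “Reply-To” redirection described above leaves a trace in the message headers that a mail gateway or a ticketing rule can check. The following Python script is an added example, not DarkOwl’s tooling or code from the original advisory: it parses a raw message, compares the domain of “From” with that of “Reply-To”, and flags a display name that matches a known executive but an address that does not. The executive directory, the internal domain list and the three sample messages are all constructed for the illustration.

```python
"""Flag inbound mail whose Reply-To diverges from its From address.

Added illustration for the advisory above, not a vendor tool. The
executive directory, internal domain set and sample messages are
constructed for the example.
"""
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Hypothetical directory: display names an attacker would plausibly
# borrow, mapped to the executive's legitimate mailbox.
EXECUTIVE_DIRECTORY = {
    "jane doe": "jane.doe@example.com",
}
# Hypothetical list of domains the organization actually sends from.
INTERNAL_DOMAINS = {"example.com"}


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_headers(raw: str) -> dict:
    """Inspect one RFC 5322 message and return a findings dictionary.

    reply_to_mismatch:          Reply-To is set and its domain differs from From
    external_reply_to:          Reply-To points outside INTERNAL_DOMAINS
    display_name_impersonation: From display name matches an executive but the
                                address is not that executive's known mailbox
    suspicious:                 any of the three indicators fired
    """
    msg = message_from_string(raw, policy=default)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    known_mailbox = EXECUTIVE_DIRECTORY.get(from_name.strip().lower())
    findings = {
        "from_addr": from_addr,
        "reply_to_addr": reply_addr,
        "reply_to_mismatch": bool(reply_addr)
        and _domain(reply_addr) != _domain(from_addr),
        "external_reply_to": bool(reply_addr)
        and _domain(reply_addr) not in INTERNAL_DOMAINS,
        "display_name_impersonation": known_mailbox is not None
        and from_addr.lower() != known_mailbox,
    }
    findings["suspicious"] = any(
        findings[k]
        for k in ("reply_to_mismatch", "external_reply_to", "display_name_impersonation")
    )
    return findings


# Constructed sample: From is the real executive address, but replies are
# steered to a look-alike domain via Reply-To.
SAMPLE_REPLY_TO_REDIRECT = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jane.doe@example-mail.net>
To: hr@example.com
Subject: W-2 request

Please send the W-2s for all employees.
"""

# Constructed sample: executive's display name on an outside mailbox.
SAMPLE_DISPLAY_NAME_SPOOF = """\
From: Jane Doe <ceo.janedoe@webmail.invalid>
To: hr@example.com
Subject: Urgent - employee records

Need the W-2s today, thanks.
"""

# Constructed sample: ordinary internal mail with no Reply-To header.
SAMPLE_LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: hr@example.com
Subject: Quarterly review schedule

Attached is the schedule for next quarter.
"""

if __name__ == "__main__":
    for label, sample in (
        ("reply-to redirect", SAMPLE_REPLY_TO_REDIRECT),
        ("display-name spoof", SAMPLE_DISPLAY_NAME_SPOOF),
        ("legitimate", SAMPLE_LEGITIMATE),
    ):
        result = analyze_headers(sample)
        print(f"{label:>18}: suspicious={result['suspicious']} {result}")
```

This is a triage aid rather than a verdict: a mismatched Reply-To also occurs in legitimate mail (ticketing systems, mailing lists), so the sensible action on a hit is to route the message to the security team for review, which is exactly the “ask first” step the advisory recommends.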
What you can do
- Contact your security team if you are uncertain about any email requests. It is easier to ask than to mitigate an intrusion.
- Reinforce your organization’s policies around phishing and social engineering campaigns.
- Make sure that your employees are following company policies with regard to information disclosure on social networking sites.
For additional information regarding these attacks, including examples of the specific wording used in the phishing email, see the following resources: