'Annual Salary Adjustment' Scam

Lure emails claiming to contain information about recipients' salaries are being disseminated as part of a phishing campaign. The tricksters use the deceptive messages to take unsuspecting users to a specially crafted phishing portal. The misleading page is designed to appear visually similar to the Quire file-sharing platform.

The fake emails are presented as a shared notification about the user's salary. The subject line observed by infosec researchers is 'Salary_Reviews' and the message claims to contain two important documents named 'Annual salary adjustment.pdf' and ' Salary reviews.pdf.' To access the supposed information, users are expected to click on the presented 'Preview Documents' button. Doing so will redirect them to the fraudsters' phishing portal.

The unsafe site will claim that due to the sensitive nature of the provided information, visitors must verify their identity by providing their email account credentials. In reality, all data entered into the fake page will be captured and sent to the con artists. Victims are likely to have their email accounts compromised and used for fraudulent activities.

Con artists also can use the acquired credentials to take over additional accounts belonging to the victims that may reuse the same usernames or passwords. These accounts could be for social media platforms, paid services, banking or payment providers, etc. The tricksters also could collect all of the misappropriated credentials and offer them up for sale on hacker forums.