'Your Wages Monthly Activity Statement' Scam

Fraudsters are sending out lure emails to unsuspecting users. The unsafe messages are presented as containing an important activity notice regarding the recipient's salary or wage. In its main message, the fake emails will claim that the recipient's wage has been updated and will be increased starting from the next applicable month. The subject line of these misleading emails could be similar to 'salary-increase-sheet-[month]-[year].'

The lure email will claim that the attached file will provide users with the exact details of their new salary. However, when executed, the HMTL file carried by the email will take users to dedicated phishing websites. The deceiving page is designed to be visually similar to the legitimate Microsoft SharePoint page. Users would be instructed to provide their email address and/or password, as a way for users to verify their identity.

All information entered into the website will be transmitted to its operators and become compromised. Afterward, the con artists could try to take over the victim's email account or any other associated accounts that use the same credentials. The consequences for the victims could vary, based on the specific goals of the fraudsters. They could use the breached account to carry out various fraudulent activities, spread malware, disseminate disinformation, etc. Alternatively, they could package all of the collected account credentials and put them up for sale to any interested third party.