Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.
The ongoing campaign is believed to have targeted about 100,000 inboxes, bypassing Google G Suite email security, the researchers say.
The fraudsters are using email messages and landing pages that attempt to impersonate the company’s internal messaging system and HR department. The emails focus on status updates regarding whether employees can plan to return to working in their employer’s offices, reflecting the updates companies have been sending out following the outbreak of COVID-19, according to the Abnormal Security report.