Their deceptive strategy revolves around enticing employees to click on phishing links embedded in these emails. The attackers craft their messages around vacation schedules, often using tactics such as sudden rescheduling, date confirmations, or conflicts with important events. Given that many employees have already made travel arrangements, including purchasing tickets and booking hotels, they are more susceptible to falling prey to such scams.
An example of a fraudulent email demonstrates the intricacies of these deceptive schemes. Upon closer examination, it becomes evident that the sender is not an authentic company employee. The “HR director” who “signed” the email remains nameless, and the signature does not align with the organization’s corporate style. Furthermore, the link, seemingly leading to a PDF file, is actually associated with a completely different address.
It is evident that the attackers possess only the recipient’s email address. They employ automated mass mailing tools that extract the company’s domain name and the employee’s name from the address. These details are then used to impersonate the link and the sender’s signature. Even if the victim unwittingly clicks the phishing link, there are still indications of fraud on the attackers’ websites. The fake site, designed to steal credentials, is hosted on Huawei Cloud rather than the company’s official server. Moreover, the name of the file on the site does not correspond to the PDF mentioned in the email. The absence of any attributes connecting the site to the specific company further raises suspicions.