Warning: New Spear Phishing Campaign Targets Executives

KnowBe4 Team | Sep 5, 2025

Researchers at Stripe warn of a wave of spear phishing attacks targeting C-suite employees and senior leadership across a wide range of industries. The emails pose as OneDrive document-sharing notifications with subject lines like “Salary amendment” or “FIN_SALARY.”

If a user clicks the link, they’ll be taken to a spoofed Microsoft Office/OneDrive login page designed to steal their credentials. The researchers note that “[b]oth the email body and phishing page are customized with the recipient’s name and company details to enhance credibility.”

Interestingly, the phishing emails use obfuscated button text to avoid detection by security filters. For example, the word “Open” is surrounded by random characters that are invisible to users in light mode.

“When the initial email is viewed in Light Mode, the buttons appear as ‘Open’ and ‘Share,’” the researchers explain. “In Dark Mode, concealed padding becomes visible, exposing randomised alphanumeric strings such as twPOpenHuxv and gQShareojxYI. This breaks up high-value trigger words like ‘Open’ and ‘Share,’ reducing the likelihood of detection by secure email gateways that apply string- or regex-based rules.”
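As an added illustration of the padding trick quoted above (example code written for this page, not from KnowBe4 or Stripe), the following Python compares what a word-boundary string rule sees in a link's raw text with what a light-mode reader sees once concealed text is dropped. It assumes the padding is hidden with inline CSS (white text, zero font size, display:none or opacity 0), which the article does not specify; the sample HTML and the example.invalid URLs are constructed.

```python
import re
from html.parser import HTMLParser

TRIGGER = re.compile(r"\b(open|share)\b", re.IGNORECASE)
# Inline styles that make text vanish on a light background (assumed concealment method).
HIDDEN_STYLE = re.compile(r"(?<!-)color\s*:\s*(?:#fff(?:fff)?|white|transparent)\b|font-size\s*:\s*0+(?:px|pt|em)?\s*(?:;|$)"
                          r"|display\s*:\s*none|opacity\s*:\s*0\s*(?:;|$)", re.IGNORECASE)

class LinkTextExtractor(HTMLParser):
    """For each <a>, collect its raw text and the text a light-mode reader actually sees."""
    def __init__(self):
        super().__init__()
        self.links = []        # (raw_text, visible_text) per <a>
        self._in_link, self._stack, self._raw, self._visible = False, [], [], []   # stack: True per open hidden child

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_link, self._stack, self._raw, self._visible = True, [], [], []
        elif self._in_link:
            self._stack.append(bool(HIDDEN_STYLE.search(dict(attrs).get("style") or "")))

    def handle_endtag(self, tag):
        if tag == "a" and self._in_link:
            self._in_link = False
            self.links.append(("".join(self._raw), "".join(self._visible)))
        elif self._in_link and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        if self._in_link:
            self._raw.append(data)
            if not any(self._stack):       # only text outside hidden elements is seen
                self._visible.append(data)

def scan_links(html):
    """One finding per link: does a word-boundary rule fire on the raw text, and is hidden padding wrapped around a trigger word the reader sees?"""
    parser = LinkTextExtractor()
    parser.feed(html)
    findings = []
    for raw, visible in parser.links:
        raw, visible = raw.strip(), " ".join(visible.split())
        findings.append({"raw": raw, "visible": visible, "raw_rule_hit": bool(TRIGGER.search(raw)),
                         "hidden_padding": raw != visible and bool(TRIGGER.search(visible))})
    return findings

# Constructed sample modelled on the padded strings quoted in the article; the third link is an unpadded control.
SAMPLE_HTML = ('<a href="https://example.invalid/d1"><span style="color:#ffffff">twP</span>Open<span style="color:#ffffff">Huxv</span></a>'
               '<a href="https://example.invalid/d2"><span style="font-size:0">gQ</span>Share<span style="font-size:0">ojxYI</span></a>'
               '<a href="https://example.invalid/d3">Open</a>')
```

For the two padded links the raw-text rule misses while the visible-text comparison flags them; for the control link the opposite holds, which is the signal a gateway needs to normalise rendered text before matching.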

Stripe offers the following recommendations to help organizations protect themselves against these attacks:

  • “Awareness for executives and assistants – Ensure that those most likely to be targeted understand this campaign. The actor is using realistic “salary amendment” subject lines and personalised company details to increase credibility.
  • “Scepticism around unexpected documents – Remind staff to be cautious when receiving links or documents relating to HR, payroll, or salary matters, particularly when sent externally.
  • “Reporting suspicious emails – Make it clear how to escalate suspicious messages quickly within your business. The faster these are reported to your security resource, the quicker they can take action to protect others.
  • “Support staff training – Executive assistants and close colleagues are also high-value targets. Ensure they receive the same level of awareness training and support as C-suite members.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Stripe has the story.
