Abnormal Attack Stories: CDC Starter Kit Phishing - Abnormal Security

In this attack, attackers impersonated the HR team at the recipient’s company and sent out fake CDC COVID-19 information in order to steal user account credentials.

Quick Summary of Attack Target

Platform: Office 365
Mailboxes: 15,000-50,000
Email Security Bypassed: Office 365
Email Gateway: Proofpoint
Victims: Employees
Payload: Phishing
Technique: Impersonation

What was the attack?

  • Setup: To address the COVID-19 pandemic, most companies are establishing new guidelines or programs to assist their employees. Many employees are likely to expect to receive plans related to the pandemic from their HR departments.
  • Email attack: The attacker altered their display name to appear as “HR Department,” in an effort to make the email appear to originate from an internal source. The email targets all company employees, stating that the contents will be passed to the CDC and that the CDC requires all employees to acknowledge receipt of the message.
  • Payload: The phishing page is simple. It asks for the victim’s credentials, including email address and password.
  • Result: If recipients fall victim to this attack, their login credentials for their email account will be compromised. The sensitive data in any emails they’ve received or sent would also be at risk.

Why is this attack effective?

  • Relevant Email: With the COVID-19 pandemic ongoing, this email touches on topics that are relevant to employees, making their engagement more likely.
  • Urgency: There is a short deadline set for when employees are supposed to acknowledge that they received this message and fill out the form. Attackers use urgency because it makes recipients less cautious about responding. If an employee does fill out the form, their credentials will be compromised and the attackers will have access to sensitive personal information.
  • Impersonation: The attacker impersonates the HR department of the organization. Employees are more likely to provide credential information to others within the organization.
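
The display-name impersonation, deadline pressure and credential link described above can be turned into a simple triage check. The following is an added example, not code from the article or from Abnormal Security; the organization domain `example.com`, the list of internal team names, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the article: the organization's own domains and the
# internal team names an attacker is likely to put in the display name.
ORG_DOMAINS = {"example.com"}
INTERNAL_NAMES = {"hr department", "human resources", "payroll", "it help desk"}
URGENCY = re.compile(r"\b(acknowledge|deadline|immediately|required)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s<>]+)", re.I)

def is_internal(host):
    host = host.lower().split(":")[0]
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)

def text_body(msg):
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def score_message(raw):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body, findings = text_body(msg), []
    # Display name claims an internal team, but the address is external.
    shown = " ".join(name.lower().split())
    if shown in INTERNAL_NAMES and not is_internal(addr.rpartition("@")[2]):
        findings.append("internal-display-name-external-sender")
    # Acknowledgement or deadline pressure in subject or body.
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        findings.append("urgency-language")
    # Links that lead outside the organization's domains.
    if any(not is_internal(h) for h in URL_HOST.findall(body)):
        findings.append("external-link")
    return findings

# Constructed samples for illustration; not taken from the real campaign.
SAMPLE_PHISH = """\
From: "HR Department" <notices@mail-alerts.example.net>
Subject: CDC starter kit: acknowledgement required

All employees must acknowledge receipt before the deadline.
Sign in here: https://forms.example.net/acknowledge
"""
SAMPLE_LEGIT = """\
From: "HR Department" <hr@example.com>
Subject: Updated remote work guidelines

The new guidelines are posted at https://intranet.example.com/hr/guidelines
"""

if __name__ == "__main__":
    print(score_message(SAMPLE_PHISH), score_message(SAMPLE_LEGIT))
```

The display-name comparison is an exact match after whitespace and case normalization, so look-alike characters or reworded team names would need a fuzzier comparison than this sketch performs.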
