Abnormal Security -
No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside.
Threat actors know this, and they’re taking advantage of human emotions. Our most recent example comes from a school district, where attackers compromised one account and then used that account to launch additional attacks on the victim’s coworkers. Using urgent language and a phishing link, this campaign was an attempt to gain credentials to additional email accounts.
Summary of Attack
Target: Public School District
Platform: Office 365
Victims: Faculty and Staff
Payload: Urgent Message with Phishing Link
Technique: Credential Theft
About the Credential Phishing Attack
Prior to this attack, cybercriminals gained access to the mailbox of a faculty member at an independent school district. Once inside the inbox, they sent an