Common HR Themes in Phishing Campaigns

Scams

January 10, 2024

There has been an uptick in scams using annual employee responsibilities as lures in Human Resources (HR) phishing campaigns. Observed themes include salary and benefits adjustments, important 401(k) updates and tax documentation, and other time-sensitive HR tasks. While some of these responsibilities typically occur at the end of the year, others may be in preparation for the 2024 tax season. Nevertheless, the topics included in these themes are often expected and anticipated. These phishing emails may include personal information exposed in recent data breaches, making them harder to identify.

These phishing emails typically use attachments, QR codes, or links to steal credentials or download additional malware. In one example, targets received emails from a sender purporting to be an Internal Revenue Service (IRS) employee, with a PDF attachment intended to deliver Qbot. Although Qbot was taken down in August 2023, IRS-themed campaigns targeting the hospitality and entertainment industries began to reemerge in December 2023. Additionally, threat actors were observed actively distributing Qbot malware via FakeUpdates. Users are advised to exercise caution and remain vigilant as tax season approaches. For additional help or questions, contact us here at Cyber Command.