publishing date icon
May 5, 2023
read time icon
5 min. read

Threat feed week 18: PostNord and payroll impersonation emails

Author image
Threat Analyst Team
Post hero image

Table of contents

share this post

PostNord postal service impersonation

Hox rating: ★✩✩✩  

Threat type: Bulk phishing

Payload: Malicious links

Region: Nordics

Analyst: Suvi Hakala

Date: 03.05.2023

This phishing email attempts to impersonate the postal service provider PostNord.

Hyvä asiakas, Viimeisin muistutus: Tämä sähköposti ilmoittaa, että pakettisi on edelleen vireillä Huomaa, että pakettisi on edelleen vireillä, koska et ole maksanut tullimaksuja. Noudattaa ohjeita • Toimituskulut : (2,99) • Seurantanumerosi : Lisäpalveluita varten löydät lähetysseurannan klikkaamalla tästä. Saat sähköpostin tai tekstiviestin, kun lähetys saapuu kotiosoitteeseesi. Sinulla on 10 päivää aikaa noutaa paketti saatavuudesta. Peruuttamisen yhteydessä sinua pyydetään esittämään henkilöllisyystodistus. PostNord Sverige AB 556711-5695 TERMINALVÄGEN 24 171 73 Solna

It claims the recipient has a package on hold due to unpaid customs and urges them to click the link to start the process.

Coworker impersonation and changes in payroll request

Hox rating: ★★✩✩  

Threat type: Spear-phishing

Payload: Pretext

Region: Global

Analyst: Reetta Sainio

Date: 05.05.2023

This spear-phishing email involves a coworker impersonation, where the coworker asks to update their bank details for the next payroll round. The email contains the actual name and role of the coworker, which adds credibility to the message.

Hi [First name], I want to change my banking information before the next payroll is finalized. What details do you need? Regards, [Coworker's name] [Coworker's role]


The intention is for the recipient to reply to the email and help change the bank details to the attacker’s information.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to All Things Human Risk

Subscribe to our newsletter for a curated digest of the latest news, articles, and resources on human risk and evolving phishing threats in the ever-changing landscape.

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.