June 30, 2023

Threat feed week 26: Microsoft malicious links, including QR codes, government spear-phishing, and other impersonations

Threat Analyst Team

Microsoft service impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Europe

Analyst: Julia Kylmälä

Date: 26.06.2023

This message claims that unusual activity was detected on the recipient’s account and urges them to click the link to verify the account.

The message looks more legitimate because it appears to come from an address at the recipient’s own company. It does not: the sender domain is spoofed.

Suomi.fi authority impersonation

Hox rating: ★★★★

Threat type: Spear-phishing

Payload: Malicious link

Region: Finland

Analyst: Suvi Hakala

Date: 26.06.2023

This spear-phish impersonates Suomi.fi, a Finnish e-government service. It claims the recipient’s been granted a one-time housing allowance from government support.

This campaign targets the victims of the Vastaamo data breach, and the recipient’s real personal information is included in the email. For added legitimacy, the messages have been sent from various flash attack domains such as suomi-fi-gov.com and gov-suomi.com.
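One way a mail filter could flag sender domains of this kind, shown as an added example that is not Hoxhunt's code. The brand token, the authority word list and all sample headers except the two domains quoted above are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

LEGIT = "suomi.fi"           # genuine service domain named in the post
BRAND = "suomi"              # assumption: first label of LEGIT is the brand token
AUTHORITY_WORDS = {"gov"}    # assumption: words that lend official weight

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From header value."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(from_header: str) -> str:
    """Classify the sender domain as 'legit', 'lookalike' or 'unrelated'."""
    domain = sender_domain(from_header)
    if domain == LEGIT or domain.endswith("." + LEGIT):
        return "legit"
    # Split on dots and hyphens: 'suomi-fi-gov.com' -> suomi, fi, gov, com.
    tokens = set(re.split(r"[.-]", domain))
    if BRAND not in tokens:
        return "unrelated"
    # The brand word alone is noisy, so require a second signal: the domain
    # spells out every label of LEGIT, or it adds an authority word.
    spells_legit = set(LEGIT.split(".")) <= tokens
    if spells_legit or tokens & AUTHORITY_WORDS:
        return "lookalike"
    return "unrelated"

# Constructed From headers. Only the two .com domains come from the post.
SAMPLES = [
    '"Suomi.fi" <noreply@suomi-fi-gov.com>',
    "tuki@gov-suomi.com",
    "noreply@suomi.fi.login.example",
    "info@mail.suomi.fi",
    "uutiset@suomi-matkat.example",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):10} {header}")
```

A sender domain that is spoofed exactly, as in the Microsoft item above, passes this check and has to be caught from SPF, DKIM and DMARC results instead.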

Company impersonation, with legal and financial urgency

Hox rating: ★★★✩

Threat type: Spear-phishing

Payload: Pretext

Region: Global

Analyst: Suvi Hakala

Date: 26.06.2023

This phish is part of a rising invoice phishing trend. These emails fraudulently inform the recipient of an unpaid invoice and raise the prospect of legal intervention. Although an invoice is mentioned, none is attached: the campaign relies on pretexting.

These emails impersonate multiple companies, including large law firms, by using various flash attack domains.

Office 365 QR code impersonation

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious QR code

Region: Global

Analyst: Reetta Sainio

Date: 26.06.2023

This phishing email attempts to impersonate Office 365 and uses a QR code to deliver the payload. The message claims the recipient has received a notification about a new document shared with them. The recipient must scan the QR code to access the file.

Scanning the code redirects the recipient to a Microsoft credential harvester.

Microsoft Planner service impersonation

Hox rating: ★★★✩

Threat type: Spear-phishing

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 27.06.2023

This spear-phishing campaign impersonates Microsoft Planner with a copied template. It claims the recipient has been assigned to a new team, provoking curiosity and urging the recipient to click the link.

The email contains the recipient’s real job role and company headquarters address.
