publishing date icon
July 10, 2023
read time icon
5 min. read

Threat feed week 27: HR, DocuSign, and Police impersonations

Post hero image

Table of contents

share this post

HR impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Suvi Hakala

Date: 02.07.2023

This phishing campaign aims to impersonate the recipient’s HR department. The recipient is told they must review and sign a revised employee handbook.

Phishing emai: Effective immediately below is the revised employee handbook for your review and acknowledgement of our corporate guide and policies which must strictly be adhered to. Note that all employees must submit and acknowledgement o this policy no later than Wednesday, July 12, 2023. Regards, Human Resources

Forged authority and the need to comply with company policies are used as incentives to click the link. The link leads to a credential harvester.  

DocuSign impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi

Date: 06.07.2023

This phishing email attempts to impersonate DocuSign. It claims a pending document is awaiting the recipient's review and signature.

DocuSign phishing email: Document awaiting your review and signature. Please review and sign pending document. Review secure document. Please complete with your electronic signature by following the link above. Thank you!

The malicious actors are trying to leverage curiosity and urgency to get the victim to click.  

Police impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Pretext

Region: Nordics

Analyst: Julia Kylmälä

Date: 07.07.2023

The email claims to be a communication from the local police department, and the attachment accuses the recipient of watching pornography involving minors.

Police authority impersonation phish in Norwegian: Hej, Vedlagt finder du den staevning, der vedrorer dig.

However, the email originates from an unrelated address and is easily recognizable as a phishing campaign.

Keep up with the threat feed

Don't miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.