publishing date icon
August 4, 2023
read time icon
5 min. read

Threat feed week 31: Microsoft, QR Code, OneDrive, Amex, and LinkedIn phishes

Post hero image

Table of contents

share this post

Microsoft QR code phishing email

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious QR code and malicious link

Region: Global

Analyst: Suvi Hakala

Date: 01.08.2023

This phishing email pretends to be from Microsoft and uses a QR code to deliver the payload. The message claims the recipient’s password is expired, and they must enable MFA by scanning the QR code.

Microsoft QR code phishing email

Unlike most previous QR phishes, this attack also includes a malicious link. The link uses target recognition to redirect unintended users to a legitimate Microsoft login page.

Microsoft impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi

Date: 04.08.2023

This phishing email is informing the user that their mailbox is almost full. The malicious actor is trying to leverage urgency to get people to click the link to avoid disruption to their email service, which could result in missing emails.

Microsoft impersonation

OneDrive impersonation

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Minna Herlevi

Date: 04.08.2023

This phishing email is impersonating OneDrive. The email claims that you have received a new document through the service, and that you must click the link to access it.

OneDrive impersonation

American Express impersonation

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Europe

Analyst: Julia Kylmälä

Date: 04.08.2023

The email looks like a payment receipt from American Express.

American Express impersonation

The email contains a phone number as the only line of communication, and the attacker relies on the recipient to call the number to cancel the unrecognized payment. Calling the number would most likely result in a huge phone bill.

LinkedIn business fake transaction notification

Hox rating: ★✩✩✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Global

Analyst: Reetta Sainio

Date: 04.08.2023

This phishing email disguises itself as a transaction receipt, using a LinkedIn “slink” to redirect recipients to a deceptive Office website to harvest their credentials.

LinkedIn business fake transaction notification

The “slink” can only be used if you have a LinkedIn business account. In this attack, the attacker took advantage of a hijacked LinkedIn account or created a new one to propagate the malicious link.

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.