Why Hoxhunt?
Solutions
CustomersPricing
Resources
Company
Sign inRequest demo
Hoxhunt black logoRequest a demo
publishing date icon
October 13, 2023
read time icon
5 min. read

Threat feed week 41: Microsoft, Walmart, QuickBooks, HR impersonations, QR codes, and fake login pages

Author image
Threat Analyst Team
Post hero image

Table of contents

share this post

Microsoft storage impersonation

“Final Reminder: Mailbox System Exceeded”

Hox rating: ★★★✩

Threat type: Bulk phishing

Payload: Malicious link

Region: Europe

Date: 09.10.2023

This phishing email impersonates Microsoft.

Microsoft impersonation “Final Reminder: Mailbox System Exceeded”

The recipient is asked to ‘free more space’, which is actually a link leading to a fake Microsoft login site used to harvest the user's credentials.

Analyst: Wivi Koenkytö

Walmart impersonation

“Walmart+ Membership: Secured and Confirmed! 🛍️”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Global

Date: 09.10.2023

This phishing email impersonates Walmart’s services.

Walmart impersonation “Walmart+ Membership: Secured and Confirmed! 🛍️”

The message’s goal is to get the recipient to call the malicious phone number by giving invoice details of a subscription that the recipient hasn’t actually purchased.

Analyst: Wivi Koenkytö

Microsoft QR code impersonation

“Microsoft Security Policy”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious QR code

Region: Global

Date: 09.10.2023

This email impersonates Microsoft by claiming that two-factor authentication access must be re-authenticated to avoid restricted access.

Microsoft impersonation “Microsoft Security Policy”

The email claims that failure to scan the QR code can lead to data loss due to a ‘buffer overrun’.

Analyst: Siiri Latola

QuickBooks impersonation

“Plan Renewal Confirmed: Payment Successfully Processed”

Hox rating: ★★✩✩

Threat type: Bulk phishing

Payload: Malicious phone number

Region: Europe

Date: 13.10.2023

This email impersonates QuickBooks. It attempts to create a scenario where the recipient ordered a Business Essentials Plan from QuickBooks.

QuickBooks impersonation “Plan Renewal Confirmed: Payment Successfully Processed”

To cancel the order, the recipient has to call a malicious phone number.

Analyst: Kaarlo Mahlberg

Microsoft fake login

“Mircosoft Billing Declined”

Hox rating: ★★★✩

Threat type: Bulk phishing

Payload: Embedded malicious login form

Region: Global

Date: 13.10.2023

This phishing email imitates Microsoft’s login prompt. The message embeds a malicious login form directly within the email body, designed to deceive the recipient.

Microsoft fake login “Mircosoft Billing Declined”

The goal is to trick the user into entering their credentials, which are then captured and sent to unauthorized individuals for malicious purposes.

Analyst: Sampo Lenkola

HR impersonation

Annual Leave Compliance Report for 2023

Hox rating: ★★✩✩

Threat type: Advanced campaign

Payload: Malicious link

Region: Global

Date: 13.10.2023

This phishing email is impersonating HR. The recipient is prompted to click the link to see if they comply with the company’s Annual Leave Plan.

HR impersonation “Annual Leave Compliance Report for 2023”

The goal is to use urgency to make the recipient click the link before hovering over it.

Analyst: Minna Herlevi

Keep up with the threat feed

Don’t miss the next threat feed, and subscribe to our newsletter for the latest feed and cybersecurity content. Stay informed and stay safe!

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.