Threat Alert: Bonus-Themed Lures Harvest Credentials 

• Cybercriminals have launched a series of phishing attacks using annual and Christmas-themed lures. 
• These lures encourage recipients to open an HTML attachment named “Christmas Annual Bonus Letter-December 2023.html” by saying a signature is required. 
• The lures spoof the recipient’s HR departments email header, making the email appear more legitimate. 
• Opening the attachment leads to a webpage featuring a blurred document with an Adobe login window. Entering credentials into the login window leads to credential theft. 

Key Actions (at Work and at Home) 

• Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it leads you to a login page asking for credentials. Remember, if you notice a subtle change or inconsistency within a message claiming to be from an internal department, don’t ignore it—report it. 
• Be extremely cautious of emailed attachments that lead you to an account login page—even if the page looks “right.” It’s always safest to control your own path and log in via known, trusted channels.  
• Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.