Jan 2024: Policy Update Phishing Lures Bypass MFA

Threat Alert: Company Policy Phishing Lures Bypass MFA 

  • Cybercriminals have launched a series of phishing attacks using an alleged policy update from an HR department as a lure. 
  • These lures purportedly come from the “Human Resource Team” and use the subject line “2024 Employee Policy Documents.” 
  • The emails contain PDF documents that, if opened, lead to a lookalike Microsoft site. 
  • These sites encourage recipients to enter their Microsoft login credentials to access the documents. 

Key Actions (at Work and at Home) 

  • Verify the legitimacy of any unsolicited or unexpected email before you interact with it, especially if it directs you to click on a link or asks you to provide credentials. It can be tempting to click on a “call-to-action.” But if you notice a subtle change or inconsistency within a message claiming to be from HR or another internal department, don’t ignore it—report it.
  • Don’t confuse familiarity with safety. It’s easy for attackers to abuse well-known logos and brands. Attackers can create lookalike websites to trick you into entering your login credentials. Always verify the website’s URL and navigate directly to a trusted website instead of following a link in an email.
  • Report ANY suspicious emails using the Phish Alarm button. Remember: Our organization occasionally sends phishing simulations.

Policy Phishing Lure Indicators