A phishing campaign used what appeared to be back-to-work notifications in order to compromise recipients’ corporate email accounts.
Near the end of November, Abnormal Security detected one of the campaign’s attack emails. That message masqueraded as an internal notification from the recipient’s company. It did so by using spoofing techniques to disguise the sender address.
The email didn’t originate from inside the company, however. As Abnormal Security explained in its research: