Phish email pretending to be a voicemail with attached .HTM file with encoded link.
Adds “Message Is From Authorized Access.” in a colored box at the top of the email which appears under the Microsoft or Google phish warnings to try to make it seem legitimate.
Received: angela@themaintco.com
Received: tony 138.91.126.15 via mrelayeu.kundenserver.de 213.165.67.99 and mout.kundenserver.de 212.227.126.130
Phish email pretending to be a sales order that has arrived by a Microsoft cloud looking Fax service. “Sign in to view your fax / E1 Document”
Received from compromised domains swingperfector.com & rosenkranz.co.uk Dkim mentions CollinsBenefits.onmicrosoft.com
Subject: Sales Order Details From (61)(993)-373-3939 Doc.
Phishing link in the email: https://us10.campaign-archive.com/
Text used in the body of the email to make it appear less SPAMMY to filters:
Covid 19 update
All Saber Power Employees,
We would like to thank everyone for their excellent response to the pandemic we have all been experiencing. Saber employees have always risen to meet our challenges head on, and this pandemic is no exception. You have been measured and practical in your response. Everyone’s willingness to adapt and react in support of our company, each other, and our clients we serve has been remarkable, and truly appreciated.
As you are all aware this pandemic and subsequent lockdown has caused enormous economic hardship to millions of people and companies. We are very pleased that we have weathered this disruption with no layoffs or salary reductions. Many companies including some of our competitors have been reducing pay, benefits, and hours. While we are not completely out of the woods, we are extremely optimistic that we have accomplished our goal of not having any such reductions, resulting in a much stronger company going forward. These remarkable results are a testament to the Saber team’s work ethic, culture, and can-do attitude. Well done!
The challenge now is to continue to remain relevant to our customers while defining our new normal. As we do that, we want to ask everyone to use common sense and keep practicing good hygiene and social etiquette. Our next step under the new normal is to open our buildings back up on June 15th, at that time we will resume allowing vendors and customers full access to our buildings. We will also resume offering training classes to our customers and employees on campus. As always if circumstances change, we may adjust this plan.
The health and safety of our employees remains our core value. We continue to ask all of you to self-monitor your health and if you feel ill or have an elevated temperature, stay home, contact your supervisor, and seek appropriate medical attention.
We hope everyone has gotten their 2-million-hour safety award cooler. It should be a nice addition to your 1-million-hour rocking chair while at the beach, campsite, or back patio. Let us all strive to maintain our safety focus and safe work culture, so we all return from work as well or better than we left home, and we can obtain our 3-million-hour safety award.