Ah, yes, the old click-here-for-your-salary-history scam. Who wouldn’t want a helpful link from their company with salary history details? Click here to open the spreadsheet, click through the macro warnings, and enjoy the payload it leaves inside your computer.
I especially like the nice detail, “This link only works for direct recipients of this message.” Makes it sound official.
It has a couple problems. Infraspport has been dormant since 2015, and even before that, I was the only employee, so the odds are pretty high that I would know whether or not my company created such a spreadsheet.
The advertised sender looks phishy. It claims to come from HR, but then uses my email address. It could still pass muster. Some companies might present it that way. But if you’re going to advertise it coming from HR, why not just keep the lie consistent?
Note that anyone can impersonate anyone else they want over email, and no foolproof technology exists to stop it. Scammers exploit this architectural weakness all the time.
I’ll give this one a C. It will fool some people. But it won’t fool you. Don’t phall for phishing.
For more phishing samples, see my phish collection.