Security News > 2021 > April > Phishing impersonates global recruitment firm to push malware
An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers.
Attackers spoofing Michael Page UK. "We are continuing to experience a global phishing campaign where our employees are being impersonated," Michael Page UK said.
"We are confident that no PageGroup system has been compromised," the parent company added, confirming that the attackers haven't breached the recruitment consultancy's servers and are only spoofing employees in the phishing emails sent to random targets.
"These phishing emails are being generated from publicly available information not linked to our business and are being then sent on to random email recipients," PageGroup revealed.
In phishing emails sent as part of this campaign seen by BleepingComputer, attackers posing as Michael Page UK headhunters are luring targets with executive positions.
These emails use embedded links to redirect potential victims to phishing landing pages featuring GeoIP and antibot checks, according to a security researcher known as TheAnalyst.