BleepingComputer reports that major organizations are having their employees targeted by new phishing attacks exploiting messages concerning annual Human Resources department tasks to facilitate credential exfiltration activities.
Article Link: Annual HR tasks exploited in credential theft campaigns | SC Media