May 07, 2021 06:00:00

It is confirmed that there is a phishing email requesting login information to the in-house system in exchange for tens of thousands of yen.

The existence of phishing emails requesting login information to internal systems has been confirmed in the United States in exchange for tens of thousands of yen. Technology media

Motherboard has conducted a detailed investigation into this phishing email and reports information on companies that may be closely related.

'Phishing' Sites Buying Workplace Login Details Linked to Well-Funded Startup
https://www.vice.com/en/article/7kvvbb/argyle-payroll-login-phishing

The existence of phishing emails asking for login information to internal systems in exchange for money was reported by security expert Kevin Beaumont.

Really crazy bit of phishing targeting companies across the US-

You provide your work credentials (current or past employer), and if they validate they give you a $ 500 PayPal transaction and $ 25 for each month they continue to work.

workplaceunite / .com and workplaceunited / .com pic.twitter.com/VEBnL7vGQD

— Kevin Beaumont (@GossiTheDog) March 31, 2021

Looking at the content of the email that Beaumont posted on Twitter, the phishing email in question was sent by an organization called 'Workpalce Unite,' which said, 'Providing login information about internal systems at your current and past workplaces costs $ 500. You can see that there are invitations such as 'pay 15,000 yen' and 'check if you can log in every month, and if you can log in, pay $ 25 (about 2700 yen) every month'.

In addition, Beaumont revealed that an organization called 'Workpalce Unite' is associated with multiple domains such as 'workplaceunite.com' and 'workplaceunited.com', which are run by startup Argyle. I found out that it was.

I have some pretty big questions about how

@withArgyle are operating a range of websites which harvest credentials of organisations, and suspect orgs probably need to examine if employees have been providing them. Pic.twitter.com/8cOGrnpQCb

— Kevin Beaumont (@GossiTheDog) April 1, 2021

According to Motherboard, Argyle is a service that 'collects information about salaries and employment history and provides users with access to that information.' Also, when checking Argyle's corporate philosophy published on the business information disclosure service ' Crunchbase ', it is stated that 'We aim to maximize the value of workers' information', which is stated by Workpalce Unite. Motherboard points out that it is the same as the idea.

Motherboard said, 'If an employee or former employee provides login information to the internal system to others, it may violate US law,' and received a phishing email asking for login information to the internal system. I warn you not to provide any information.