First published: 27th February 2020
A number of Hong Kong email addresses have received an invitation, supposedly from Chief Executive Carrie Lam (CE), to a dinner at Government House.
It apparently targets people who are high-status or arrogant enough to believe the CE would choose them to meet her and President Xi Jinping, and obsequious enough to overlook the errors in the message. Notably, the Chief Executive's name is misspelled in her email address, and the address given for Government House is not on Government Hill. There is also the expectation that the recipient would be so eager to attend that they would choose to eat and socialise in a crowd during an infectious disease outbreak.
The link to "Get Invitation here" leads to a website that imitates a Microsoft SharePoint login page, presumably with the objective of harvesting high-value login credentials.
Users should be suspicious of unexpected emails and should not follow links in unverified messages.
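Two of the red flags described above, a sender address that is a near-miss for a known contact and an invitation link that leads to a login page outside the organisation's domain, can be checked mechanically at a mail gateway. The script below is an added example, not code from the original post or from any Hong Kong government system. The message it parses is constructed for the example (the real phishing email is not reproduced here), and the `KNOWN_CONTACTS` and `TRUSTED_LINK_DOMAINS` allowlists are hypothetical placeholders that a real deployment would load from its contact directory and mail-filter configuration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for the example; it is not the actual phishing
# email. It reproduces two of the red flags described in the post: the sender's
# local part misspells the expected name, and the "Get Invitation here" link
# points to a host outside the organisation's domain.
SAMPLE_EML = """\
From: Office of the Chief Executive <carie.lam@ceo.example.gov.hk>
To: recipient@example.org
Subject: Invitation to dinner at Government House
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You are cordially invited to dine with the Chief Executive.</p>
<p><a href="https://sharepoint-login.example.net/auth">Get Invitation here</a></p>
</body></html>
"""

# Hypothetical allowlists (assumptions for this example).
KNOWN_CONTACTS = {"carrie.lam@ceo.example.gov.hk"}
TRUSTED_LINK_DOMAINS = {"example.gov.hk"}
LOGIN_HINTS = re.compile(r"login|signin|sign-in|auth|sharepoint", re.IGNORECASE)


def levenshtein(a: str, b: str) -> int:
    """Edit distance. A small, non-zero distance between a sender and a known
    contact is the signature of a lookalike (misspelled) address."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkExtractor(HTMLParser):
    """Collects (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted_host(host: str) -> bool:
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)


def analyse(raw: str) -> list:
    """Return human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Lookalike sender: close to, but not equal to, a known contact.
    sender = parseaddr(str(msg["From"]))[1].lower()
    if sender and sender not in KNOWN_CONTACTS:
        closest = min(KNOWN_CONTACTS, key=lambda known: levenshtein(sender, known))
        dist = levenshtein(sender, closest)
        if 0 < dist <= 2:
            findings.append(f"lookalike sender: {sender} is {dist} edit(s) from {closest}")

    # 2. Links that leave the trusted domain, especially ones that look like
    #    a login page (the credential-harvesting pattern the post describes).
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            host = (urlparse(href).hostname or "").lower()
            if not is_trusted_host(host):
                findings.append(f"off-domain link: '{text}' -> {host}")
                if LOGIN_HINTS.search(href):
                    findings.append(f"possible credential-harvesting page: {href}")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EML):
        print(finding)
```

Run against the constructed message, `analyse` reports the one-edit mismatch between `carie.lam` and the known `carrie.lam` contact, the off-domain destination of the "Get Invitation here" link, and the login-like path on that destination. An edit-distance threshold of 2 is deliberately tight: larger thresholds start matching unrelated addresses, while a distance of 1 or 2 between two addresses that share a domain is almost always a typo or an impersonation attempt rather than a coincidence.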
An open question is how the attackers chose the target list. General phishing campaigns use topics that are attractive and believable to many, and are sent indiscriminately. The topic here, however, is narrowly targeted at people who believe they might be invited to dine with the CE; this makes it far more likely to be a spear phishing campaign, and such campaigns are normally sent to a list that is highly relevant to the lure. Does this indicate that a list of the CE's email contacts has been leaked or stolen?