Bad guys are now capitalizing on the benefits election/enrollment season and the yearly pay raise process, which usually takes effect Jan 1st. These criminals are still improving their game: these benefits and pay-themed phishing emails are not quite as convincing as the recent tax-themed phishing attacks.

However, you and your users need to be aware of the pay raise and benefits enrollment phishes that have been reported over the past several weeks, most of which are front doors to credentials phishes. Some of these are simply bad, but some are quite creative and take the shape of a personalized benefits survey. Here is an example:

Another form is a phish where your users are invited by their "HR department" to check out their pay increase "as part of a larger organization-wide effort to raise salaries". The phish has a link that looks like a SharePoint document but leads to a credentials phishing landing page.
