Message From Al jeraisy's HR_Portal March 26, 2026 49488

From: Al jeraisy Organizational Services – HR/ADM INISTRATIVE GROUP /CN=RECIPIENTS/CN-49488 <corporate@yourlink.ca>Mar 29, 2026, 6:30 PMac28558e...09c686

completedMalicious99%

Malicious99% confidence

Malicious QR-phishing email. The attached PDF poses as an updated Al jeraisy HR policy document and instructs the recipient to scan a QR code to access the file. Deep analysis of the PDF extracted a QR code leading to a malicious multistage phishing chain. Browser analysis confirmed the URL impersonates OneDrive and Adobe Acrobat Sign and ultimately abuses Microsoft device login flow device-code flow to harvest access. The sender/addressing is inconsistent with the claimed organization, and the attachment is the primary lure.

PhishingCredential HarvestingQR PhishingMultistageBrand ImpersonationAttachment-BasedLink-Based

URLs analyzed2

Malicious URLs1

Suspicious URLs0

Documents1

Artifacts10

QR codes1

URL Signals

2 analyzed

Benignaka.ms

https://aka.ms/LearnAboutSenderIdentification

Maliciousb4aejvja.hascokorea.com

https://B4aEjvjA.hascokorea.com

https://login.microsoftonline.com/common/oauth2/deviceauth

Documents

1 processed

PdfAl jeraisy_HR POLICY_eelsayed@jccs.com.sa_49488.pdf

0 URLs · 1 QR · 1 risk flags · 10 artifacts

Authentication

spfUnknown

dkimUnknown

dmarcUnknown

Envelope

From

Al jeraisy Organizational Services – HR/ADM INISTRATIVE GROUP /CN=RECIPIENTS/CN-49488 <corporate@yourlink.ca>

Reply-To

n/a

Attachments