[Annual Policy Amendment – From AdeqHR Portal 8465]

From: Human Resources Compliance Notification System <hr-compliance-noreply@microsoft.com>Mar 30, 2026, 6:39 PMd1475155...e38e39

completedSuspicious93%

Suspicious93% confidence

This message is a likely phishing attempt using an HR policy/amendment lure and a QR-code-based multistage flow. The sender claims to be a Microsoft-based HR compliance system, but the message content impersonates an internal Adeq/Azdeq HR notice and instructs the recipient to scan a QR code to review compensation/policy updates and provide a digital acknowledgment. Deep analysis of the second PNG attachment extracted a QR code pointing to an external domain, horusalerts.com, with the recipient email embedded in the query string. Browser validation could not resolve the domain, so no live credential prompt was observed, but the overall pattern is strongly suspicious and consistent with QR phishing designed to move the victim to a mobile-hosted phishing flow.

PhishingQR PhishingAttachment-BasedMultistageBrand Impersonation

URLs analyzed1

Malicious URLs0

Suspicious URLs1

Documents2

Artifacts4

QR codes1

URL Signals

1 analyzed

Suspicioushorusalerts.com

https://horusalerts.com/?qbzyeeha&email=ahmed.hafez@azdeq.gov

Documents

2 processed

Image0720c9c.png

0 URLs · 0 QR · 2 artifacts

Imagebcaba10.png

0 URLs · 1 QR · 1 risk flags · 2 artifacts

Authentication

spfUnknown

dkimUnknown

dmarcUnknown

Envelope

From

Human Resources Compliance Notification System <hr-compliance-noreply@microsoft.com>

Reply-To

n/a

Attachments