COVID-19 restrictions are easing across the nation, allowing the workforce to return to their offices and normal work-lives before the pandemic began. Monitoring the shift in the physical work locations are scammers and hackers, who are poised to exploit these changes for their benefit.

Within the past 18 months, remote professionals were met with increased attempts of targeted scam attempts by phone, email, and door-to-door attempts.

Targeting professionals returning to work is an email-based phishing campaign with a message from their CIO. The email is reported to look real, which includes their current logo at the top and a spoofed signature from the executive. The body consists of new COVID-19 precautions and operations updates.

Employees who aren't aware of how to spot phishing attempts may be fooled enough to click the link and will be taken to a set of pages mimicking Microsoft SharePoint that show their company's official logo. A login panel opens up requesting their login information in order to view the update. If a user doesn't look at the pages carefully, they won't notice the inaccuracies in the content. Once the login credentials are entered a few times, they are redirected to a real Microsoft page showing their account and, unfortunately, are unaware they also successfully gave their accurate credentials to a hacker.

Workers who continue to be remote and are returning to the office can be more aware of these malicious threats to them and their company. In addition, organizations can strengthen their infrastructure.

Get Faster Incident Detection, Faster Incident Response and Shorter Recovery Times with our Email Security and Cyber Risk Assessment. Book your consultation by visiting the CYBER BUYER calendar.