During the COVID-19 pandemic, we were warned about the cyber risks associated with a remote workforce. The return to the office carries risk as well.
TechCrunch reported on a new phishing scam targeting staff as they prepare to return to their offices. The scam involves an email that appears to come from the CIO welcoming them back to the office. The email looks legitimate, even bearing the company's official logo in the header and being signed by the spoofed CIO. The email explains the new precautions and business changes the company is making to address the pandemic.
The email links to a Microsoft SharePoint page hosting what appear to be two company-branded documents. Should the recipient decide to interact with either document, a login panel appears and prompts the recipient to provide login credentials to access the files. This is how the threat actors harvest your credentials.
The best way for your organization and staff to deal with this scam is to be aware of it. Whether your staff continue to work from home, return to the office, or go with a hybrid model, they all need to be aware of these types of phishing campaigns. Cyber awareness training will be a key differentiator. Teach employees how to tell the difference between a real email from the CIO and a “spoofed” one. Continue the discussion with staff about what types of scams you have heard about and what to do if they should come across one.
For all your cyber awareness training needs, trust the experts at Quick Intelligence. Quick Intelligence can help your staff prepare for the phishing emails that come their way.