Employees Returning to Their Offices Post-COVID Restrictions are Being Targeted by Hackers, Stealing Their Account Credentials

Sophie Webster, Tech Times 01 June 2021, 03:06 pm

Employees are now going back to their respective offices since COVID-19 restrictions have been lifted. So now, hackers are being forced to change their tack.

While remote workers were the main target of scammers last year due to the mass change to home working caused by the pandemic, a new phishing campaign is attempting to exploit those who have started to return to their physical workplace.

Employees Targeted by Hackers

The email-based campaign that is observed by Cofense is targeting office employees with emails that are masking to come from their CIO welcoming them back into their offices.

The email looks legitimate, and it even has the company's official logo in the header and being signed spoofing the CIO.

The bulk of the message outlines the new precautions and changes to business operations that the company is taking relative to the pandemic.

Also Read: For $16, Companies Can Reroute Your Text Messages To Hackers Without Your Consent

If an employee opens a phishing email, they would be redirected to what looks like a Microsoft SharePoint page hosting two company-branded documents.

Dylan Main, the threat analyst at Cofense's Phishing Defense Center, said that when interacting with these documents, it becomes apparent that they are not authentic and instead are phishing mechanisms to garner account credentials.

However, if a victim decides to interact with either of the document, a login panel appears and prompts the recipient to give login credentials to access the files.

Main added that this is uncommon among most Microsoft phishing pages where the tactic of spoofing the Microsoft login screen opens an authenticator panel.

By giving the files the appearance of being real and not redirecting to another login page, the user may be more likely to give their credentials in order to view the updates.

Another method that hackers are using is sending fake validated credentials. The first few times that the login information is entered into the panel, the result will be the error message stating that either the account or the password is incorrect.

Targeting Workplaces

While this is one of the first campaigns that has been observed targeting employees returning to the workplace, it is not the last.

Both Microsoft and Google have started welcoming staff back to office cubicles, and the majority of executives expect that 50% of employees will be back working in the office by July, according to PwC.

Tonia Dudley, a strategic advisor at Cofense, told TechCrunch that they saw threat actors follow the trends throughout the pandemic, and they expect that they are likely to leverage themes of returning to work in their attacks in the coming months.

Dudley added that they can expect remote workers to continue to be targeted by threat actors as well.

The threat actors usually adapt to exploit the global environment.

Just as the change to mass working over remote connections has led to an increase in the number of attacks attempting to exploit remote login credentials, it is most likely that the number of attacks targeting on-premise networks and office-based workers will still grow the next few months.