Watch Out for “Back to Work” Memos
Is your HR department circulating memos telling staff that it’s time to come back into the office? Scammers are using a new phishing scam to steal employee credentials. Here’s how it works.
According to the firm Abnormal Security, scammers are trying to steal email credentials from employees by impersonating their organization’s human resources department in phishing emails camouflaged as internal back-to work memos. The messages have managed to land in thousands of targeted individuals’ mailboxes.
Experts say there’s a high probability that some of the targets will fall for the scam, given that during the COVID-19 pandemic companies have regularly emailed their employees with updates regarding remote working policy changes.
Here’s how they work
Phishing emails delivered through this campaign spoof the victims’ company mail service and are designed to look like automated internal company memos with attached voicemails. This tactic is used to convince targets that the messages originate within their own company, thus increasing the likelihood that victims will share sensitive information when asked for it in later stages of the attack.
Here’s what you should do
It’s a good time to reiterate some basic, yet powerful, anti-phishing tips:
Remember, it’s easy for attackers to imitate, or “spoof,” email graphics and addresses. A phishing message may look completely genuine.
If you’re suspicious about who sent an email, hover your cursor over the sender’s email address—this often reveals a different actual sender.
Never click a link in an email unless you’re 100% certain of its legitimacy.
Phishing attacks use various tactics to persuade victims to perform actions they know they shouldn’t, such as parting with logon info or transferring funds. If an email gives you any sort of this-is-not-right feeling, stop and look into it.
© National Security Institute, Inc. www.nsi.org
Recent SecuritySense Posts
- 4 Things Crooks Love to See In Your Social Media Profile
- FAQ: Security and the Cloud
- The Ransomware Perfect Storm
- Children More at Risk Online During Pandemic
- Going Back to the Office? You’re a Perfect Target for Phishers
- 5 Social Engineering Tactics Criminals Are Using
- April Scam Watch
- Top 4 Emotions Used in Social Engineering
- Security Is Critical to Pandemic Recovery
- Using Instagram Securely
Protect Yourself & Your Company From Cybercrime
Solution Overview
SecuritySense is a subscription-based content service that delivers you a consistent supply of fresh cybersecurity awareness content so you can easily maintain an ongoing cybersecurity brand awareness campaign
Unique Content Strategy
People pay attention to content they find personally relevant. SecuritySense doesn’t feel like you’re being given extra work to do. It’s a blend of personal and work-relevant cybersecurity tips, warnings, human interest stories, instructions, news and insights that everyone looks forward to receiving. More about our content strategy
The Secret to Creating Awareness
Brand marketers know if you want to create awareness you have to do two things. Steadily promote your message and make sure that message offers content that personally resonates with your audience. SecuritySense makes it easy for you to do both.
Compare Our Per Employee Cost
Compare our per employee annual cost with the $8.00 – $20.00 seat licenses you might pay for training platforms. It’s a no-brainer to add SecuritySense to your overall program.
See pricing