Going Back to the Office?
You’re a Perfect Target for Phishers

Employees returning to the office can expect cyber crooks to impersonate their colleagues and company executives. Judging by earlier campaigns, attackers will hit you with emails made to look like they’re coming from HR or possibly from the CEO. Here are some of the likely lures they’ll be using…

If you, like millions, are mulling a return to the physical office after a year working from home, be warned.  Criminals have been exploiting people’s fear and curiosity regarding the COVID-19 pandemic from the very start, and experts say this is sure to continue as long as the virus affects our private and professional lives.

Phishing attacks have continually exploited public interest in COVID-19 relief, variants, and vaccines by spoofing the Centers for Disease Control, the IRS, the Department of Health and Human Services, the World Health Organization, and others.

New attacks

Now, according to researchers at security firm Inky, employees returning to work in offices and other company premises can expect cyber crooks to impersonate their colleagues and company executives.  Judging by earlier campaigns, attackers will hit you with emails made to look like they’re coming from HR, or possibly from the CEO.

Lures will likely include:

  • Phony surveys regarding workers’ willingness to receive a vaccine.
  • Alleged new internal precautionary measures, supposedly to support health and safety.
  • Information about changes in rules and new security roles within the company.
  • Requirements to review new policies.

What you can do

  • If your employer is beginning to move workers back to company premises, be extremely skeptical about any notification emails you receive.  Remember, spearphishing messages may look completely legitimate, with company logos and actual (spoofed) return addresses.
  • Don’t let any email cause you to perform an action that feels wrong, such as transferring company funds or divulging your password.
  • Use the phone to confirm any email requests that strike you as unusual or “not quite right.”

© National Security Institute, Inc. www.nsi.org

SecuritySense is a subscription service that provides you with concise, easy to understand and easy to read employee cyber security awareness content. 

Subscribers receive articles and stories that support your employee security and cyber security awareness training program at a very cost effective price

 

SecuritySense

Protect Yourself & Your Company From Cybercrime

We Make it Easy to Promote Employee Security Awareness Throughout the Company in a Way That’s Well Received by Everyone

Content Needs a Strategy to Work

People pay attention to content they find personally relevant.  Learn more about our content strategy

What’s Missing from Your Cyber-Strategy?

Awareness is a state of mind you’re trying to get you company into. Find out what really gets you there.  Learn how to persuade people 

Compare Our Per Employee Cost

Talk about cost-effective! Compare our per employee annual cost with what you might pay for training platform seat licenses. It’s a no-brainer to add SecuritySense to your programSee pricing