Going Back to the Office?
You’re a Perfect Target for Phishers
If you, like millions, are mulling a return to the physical office after a year working from home, be warned. Criminals have been exploiting people’s fear and curiosity regarding the COVID-19 pandemic from the very start, and experts say this is sure to continue as long as the virus affects our private and professional lives.
Phishing attacks have continually exploited public interest in COVID-19 relief, variants, and vaccines by spoofing the Centers for Disease Control, the IRS, the Department of Health and Human Services, the World Health Organization, and others.
Now, according to researchers at security firm Inky, employees returning to work in offices and other company premises can expect cyber crooks to impersonate their colleagues and company executives. Judging by earlier campaigns, attackers will hit you with emails made to look like they’re coming from HR, or possibly from the CEO.
Lures will likely include:
- Phony surveys regarding workers’ willingness to receive a vaccine.
- Alleged new internal precautionary measures, supposedly to support health and safety.
- Information about changes in rules and new security roles within the company.
- Requirements to review new policies.
What you can do
- If your employer is beginning to move workers back to company premises, be extremely skeptical about any notification emails you receive. Remember, spearphishing messages may look completely legitimate, with company logos and actual (spoofed) return addresses.
- Don’t let any email cause you to perform an action that feels wrong, such as transferring company funds or divulging your password.
- Use the phone to confirm any email requests that strike you as unusual or “not quite right.”
© National Security Institute, Inc. www.nsi.org