The Covid pandemic has affected the entire world in various ways. Hackers have repeatedly used it as a foothold to gain access to networks and devices by exploiting fears, spreading misinformation, and duping innocent victims.
Return to Work Instructions: The Latest Ploy
The latest ploy hackers are using is a malicious email that appears to come from a company’s CIO, with the subject line “CIO Pandemic Guidelines.”
Using a spear-phishing technique, bad actors have been crafting fake emails and sending them out to company employees who will be returning to the office soon as Covid-19 restrictions are lifted. A large portion of the population has now been vaccinated; therefore, offices are starting to reopen. The emails are believable because they appear to come from the company’s CIO welcoming employees back to the office and providing explicit guidelines for returning.
The ruse is designed to steal company credentials. The trick is actually quite sophisticated in that the email appears very legitimate, using the company logo and carrying the CIO’s signature. However, the instructions are where things turn nasty.
The user is sent to a Microsoft SharePoint page with two company documents outlining new procedures. At this point, nothing is stolen, and the user may feel comfortable seeing documentation with the company logo that appears to be real. On Thursday, a report issued by Cofense explained that “Instead of simply redirecting [victims] to a login page, this additional step adds more depth to the attack and gives the impression that they are actual documents from within the company.”
However, if the user clicks on either of the documents, a login pop-up will appear, prompting them to enter their credentials. Cofense explains,
“This is uncommon among most Microsoft phishing pages where the tactic of spoofing the Microsoft login screen opens an authenticator panel. By giving the files the appearance of being real and not redirecting to another login page, the user may be more likely to supply their credentials in order to view the updates.”
Another layer designed to complete the elaborate ruse: the user is shown the message “Your account or password is incorrect.” a few times and is then redirected to a legitimate Microsoft page, where they will think they have logged in correctly and can now access the documents.
Hackers have been using various Covid-related tactics to steal credentials, extort ransom and penetrate networks. This is simply the latest flavor to emerge as things change due to Covid vaccinations and restrictions relief.
How Workers Can Remain Safe
There are things workers can do to remain safe, both in the workplace and as they transition from remote work back to the office. Some suggestions are:
- Always verify the sender of an email before trusting that it is legitimate.
- Never click a link in an email.
- Do not download attachments in emails unless you are sure where they came from.
- Watch out for phishing emails, especially spear phishing.
- Always be on the lookout for fraud and scams.
- When you visit a login page, check the URL to confirm it is correct and encrypted.
- Never enter your credentials when prompted to do so unsolicited.
- Always keep antivirus/anti-malware software running on all your devices.
- Keep all your devices updated with the latest security patches.
- Use common sense and always remember that if something “sounds too good to be true,” then it probably is.
- Invest in a VPN to mask your online activities and protect your IP address.
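The advice above to check the login page’s URL is easier to follow with a concrete checklist. The following Python function is an added example, not code from the original article or from Cofense; it encodes the checks a reader would perform by eye: the page must be served over HTTPS, the host must be an expected sign-in host (the TRUSTED_LOGIN_HOSTS allow-list is a constructed placeholder that a real organisation’s IT team would supply), no “user@host” trick may hide the real host, and a host that merely contains a trusted name (such as a trusted domain used as a subdomain of something else) is flagged as an imitation rather than accepted.

```python
from typing import List
from urllib.parse import urlsplit

# Hosts at which employees are genuinely expected to sign in.
# Constructed for this example; a real allow-list comes from the IT team.
TRUSTED_LOGIN_HOSTS = ("login.microsoftonline.com", "sharepoint.com")


def host_matches(host: str, trusted: str) -> bool:
    """True if host is the trusted host itself or a real subdomain of it."""
    return host == trusted or host.endswith("." + trusted)


def check_login_url(url: str) -> List[str]:
    """Return the reasons a login URL should NOT receive credentials.

    An empty list means every check here passed. That is not proof the page
    is genuine; it only means the obvious tell-tales are absent.
    """
    problems: List[str] = []
    parts = urlsplit(url.strip())

    # "Encrypted" in the article's terms means the page is served over HTTPS.
    if parts.scheme != "https":
        problems.append(f"not encrypted: scheme is {parts.scheme or 'missing'!r}")

    # https://login.microsoftonline.com@evil.example/ is served by evil.example;
    # the text before '@' is user info, not the host, and is easy to misread.
    if parts.username is not None or parts.password is not None:
        problems.append("credentials embedded before '@' hide the real host")

    host = (parts.hostname or "").lower()
    if not host:
        problems.append("no hostname")
        return problems

    # Internationalised (punycode) labels can render as look-alikes of real names.
    if host.startswith("xn--") or ".xn--" in host:
        problems.append("punycode host may be a look-alike domain")

    # The host must be on the allow-list or a subdomain of an allow-listed host.
    if not any(host_matches(host, t) for t in TRUSTED_LOGIN_HOSTS):
        problems.append(f"host {host!r} is not a trusted login host")

    # A trusted name appearing inside an untrusted host (e.g. as a subdomain of
    # another domain) is a common imitation pattern worth calling out separately.
    for trusted in TRUSTED_LOGIN_HOSTS:
        if trusted in host and not host_matches(host, trusted):
            problems.append(f"host {host!r} imitates {trusted!r}")

    return problems


if __name__ == "__main__":
    # Constructed sample URLs, not addresses from the campaign described above.
    for sample in (
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://contoso.sharepoint.com/sites/hr",
        "https://login.microsoftonline.com@evil.example/",
        "https://sharepoint.com.evil.example/doc",
    ):
        verdict = check_login_url(sample)
        print(sample, "->", "OK" if not verdict else "; ".join(verdict))
```

The function deliberately reports every problem it finds rather than stopping at the first one, so a security awareness trainer can show all the tells in a single bad URL. The allow-list is exact-host or subdomain matching on purpose: substring matching would accept the imitation case the last check is there to catch.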