The world's premier anti internet scam, anti fraud information blog


Hackers Are Targeting Employees Returning To Work


Hackers are always alert. They take advantage of any situation that makes it easy to steal vital security information from their targets. Currently, with the breakthrough of the COVID-19 vaccines, many companies are recalling employees to their offices. To online fraudsters, this seems like an opportunity to try new hacking tactics. Their main victims are the unsuspecting workers returning to their physical workplaces.

New Phishing Campaign

About 18 months ago, remote workers were the main victims of scammers. However, at this time, Cofense has observed new phishing tactics scammers are using to defraud companies and their employees. The method involves sending emails that threat actors purport to be from the Chief Information Officer (CIO. The emails contain information welcoming workers back to their stations.

For unsuspecting employees, the emails may appear real. They even contain the company’s logo in the header and a fake CIO signature. The body of the email explains several changes the company intends to make due to the COVID-19 pandemic. Of course, at this time, many companies are making specific adjustments and coming up with new employee guidelines. Hackers have capitalized on the moment to create confusion and steal vital company information.

The email received redirects employees who choose to interact with it to a page that looks like Microsoft SharePoint. The page contains two documents with a fake company trademark. Anyone who understands tips that scammers use will simply identify the emails as fake when they click on them.

Interacting with either of the documents leads victims to a login panel. The panel prompts employees to enter their login details to access their files. Most Microsoft phishing pages tricking victims by spoofing the Microsoft login screen redirects users to an authenticator panel. However, this new hacking method does not lead users to another login page. The trick combined with the fake files containing the company details makes users believe that the emails are authentic. Therefore, employees end up providing their login credentials in order to view purported updates.

Fake Validated Credentials

In another trick, hackers have devised a way to use fake validated login details to access accounts of different employees. They do this by sending fake login requests to workers. Those who try to enter their details get an error message stating that the credentials they provided are wrong.

Several login attempts lead victims to a real Microsoft page. Thereafter, users start feeling that the information they have provided was correct. This is because they can now access their OneDrive files. Unknown to them, the fraudsters may have gained entry to the system and gotten access to the company’s files.

Workplaces Should be Vigilant for More Attacks from Hackers

The new phishing campaign is not the first or last attack targeting employees shifting from their workplaces. In the past 18 months, employees working from home have fallen victim to numerous phishing attacks. Many companies like Microsoft and Google prepare to reopen their physical offices. As a result, there will be several attempts from threat actors to hack systems of different organizations. Nevertheless, this does not mean that attacks on remote workers will stop.

Scammers are set to come up with new trends to trick unsuspicious employees. They may apply the tactics at different stages of the pandemic as companies change to adapt to various needs. Fraudsters will never stop exploring loopholes that they can use to get the credentials they need. The magnitude of phishing attacks directed towards office workers may be equal or more to that used by scammers in attempts to access remote login details.

Anti Fraud News Stays On Top Of The Latest Scams & Hackers

Anti-fraud news helps employees and organizations realize hacking threats early and take relative measures. We provide you with important updates and tips on the latest means hackers use to manipulate systems. At this time, when threat actors are using company details to hack systems, don’t be left behind with important news. Take a step ahead of scammers by following us and frequently checking our scam watchers’ blog.