Restrictions imposed across the world due to Covid-19 pandemic are finally being eased up a little as a result of vaccine’s introduction. Physical workplace is returning to the picture as employees end their stint of working from home. In this relatively vulnerable time of transitioning back to normal we knew before the tragedy struck, people are rightfully concerned about their safety. They want to take every possible measure to ensure their body is protected from the deadly virus. Such is their desperation that many of these people are not even verifying the source of information they see regarding how they can better take care of themselves, and some threat actors are taking benefit of just that.
Basically, these threat actors prepare a phishing email that is purposed to look like a memorandum issued by the CIO of the company they are employed at. This email essentially indicates to share post-pandemic cubicle protocols within the office. However, what it really does is it steals your credentials.
This attack is structured to first redirect you to two SharePoint documents that are ingeniously designed to look like official pieces of communication from a company. Once the documents establish a sense of trust with the employee, they prompt you to fill in your login credentials to access further material. This particular tactic drastically increases the chances of employees falling for it. It is also slightly different in its nature from more commonly reported Microsoft-related phishing attacks.
With vaccination administration on the rise and also governments getting uneasy about the scary dip in the economy, it is expected that more and more companies would be able to outline their pathway back to having their staff on premise. HR consultancy, Mercer has reported that over 61 percent of enterprise employers hope to have half or more of their personnel back in the office by the end of the third quarter of 2021. This somewhat of an aggressive bid to return back to the old ways is encouraging the hackers as there is a massive pool of employees they can exploit. With growing number of scam cases, the pressure is building on the cybersecurity agencies to take action at the earliest.