With restrictions lifting and employees starting to make their way back into offices, hackers are forced to change tack. While remote workers have been scammers’ primary target for the past 18 months due to the mass shift to remote working, a new phishing campaign attempts to exploit those who have started to return to the physical workplace.
The email-based campaign, observed by Cofense, targets employees with emails purporting to concern business operations relative to the pandemic and the return into offices. The email looks legitimate enough, with a logo in the header and a signature spoofing the CIO. Most of the message outlines the new precautions and changes to the company’s
If an employee were to be fooled by the email, they would be redirected to what appears to be a Microsoft SharePoint page hosting two company-branded documents. “When interacting with these documents, it becomes apparent that they are not authentic and are phishing mechanisms to garner account credentials,” explains Dylan Main, threat analyst at Cofense’s Phishing Defense Center.
However, if a victim interacts with either document, a login panel prompts the recipient to provide login credentials to access the files. “This is uncommon among most Microsoft phishing pages where spoofing the Microsoft login screen opens an authenticator panel,” Main continued. “By giving the files the appearance of being real and not redirecting to another login page, the user may be more likely to supply their credentials to view the updates.”
Another technique the hackers employ is the use of fake validated credentials. The first few times login information is entered into the panel, the result will be the error message that states: “Your account or password is incorrect.” “After entering login information a few times, the employee will be redirected to an actual. “This gives thshowse login information was correct, and the employee now has access to the OneDrive documents. In reality, the threat actor now has full owner’s information.”
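The repeated-failure-then-redirect behaviour described above leaves a recognisable trace in web proxy logs. The following detection sketch is an added example, not code from Cofense or the original article: it flags users who POST several times to an unrecognised host and then land on a genuine Microsoft host. The log format, the trusted-suffix list, the thresholds and the assumption that the final redirect goes to a real Microsoft host are all assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: suffixes treated as genuine Microsoft sign-in/document hosts.
LEGIT_SUFFIXES = ("microsoftonline.com", "sharepoint.com", "office.com", "live.com")

# Constructed proxy log (time-ordered): timestamp user method url status
SAMPLE_LOG = """\
2021-06-01T09:00:05 alice GET https://sharepoint.com.docs-portal.example.net/hr/policy.pdf 200
2021-06-01T09:00:20 alice POST https://sharepoint.com.docs-portal.example.net/hr/login 200
2021-06-01T09:00:41 alice POST https://sharepoint.com.docs-portal.example.net/hr/login 200
2021-06-01T09:01:02 alice POST https://sharepoint.com.docs-portal.example.net/hr/login 302
2021-06-01T09:01:03 alice GET https://login.microsoftonline.com/ 200
2021-06-01T09:05:00 bob POST https://intranet.example.net/form 200
2021-06-01T09:05:30 bob GET https://www.office.com/ 200
2021-06-01T09:07:00 carol POST https://login.microsoftonline.com/login 200
2021-06-01T09:07:20 carol POST https://login.microsoftonline.com/login 200
"""

def is_legit(host):
    # Match on a label boundary so "sharepoint.com.docs-portal.example.net" fails.
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)

def parse(line):
    ts, user, method, url, _status = line.split()
    return datetime.fromisoformat(ts), user, method, urlsplit(url).hostname

def find_harvest_pattern(log_text, min_posts=2, window=timedelta(minutes=5)):
    """Return sorted (user, untrusted_host, post_count) tuples for users who
    POSTed >= min_posts times to an untrusted host and then, within `window`,
    reached a trusted Microsoft host."""
    posts = defaultdict(list)   # (user, untrusted host) -> POST timestamps
    hits = {}                   # (user, untrusted host) -> highest POST count seen
    for line in log_text.strip().splitlines():
        ts, user, method, host = parse(line)
        if method == "POST" and not is_legit(host):
            posts[(user, host)].append(ts)
        elif is_legit(host):
            for (u, h), stamps in posts.items():
                recent = [t for t in stamps if ts - t <= window]
                if u == user and len(recent) >= min_posts:
                    hits[(u, h)] = max(hits.get((u, h), 0), len(recent))
    return sorted((u, h, n) for (u, h), n in hits.items())

if __name__ == "__main__":
    for user, host, count in find_harvest_pattern(SAMPLE_LOG):
        print(f"{user}: {count} credential POSTs to {host} before reaching Microsoft")
```

A single failed form submission (bob) and repeated sign-in attempts against a real Microsoft host (carol) are not flagged; only the repeated POSTs to the lookalike host are.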
While this is one of the first campaigns observed targeting employees returning to the workplace (Check Point uncovered another last year), it’s unlikely to be the last. Both Google and Microsoft, for example, have started welcoming staff back to office cubicles. Most executives expect that at least 50% of employees will be back working in the office by July.
“We saw threat actors follow the trends throughout the pandemic, and we expect they are likely to leverage themes ofin their attacks in the coming months,” Tonia Dudley, a strategic advisor at Cofense, told TechCrunch. “We can expect remote workers to continue to be targeted as well. While employers begin to to the office, we’ll likely see a hybrid work model moving forward. Both groups will be targets for phishing attacks.”
Threat actors typically adapt to exploit the global environment. Just as the shift to mass working over remote connections led to an increase in the number of attacks, those targeting on-premise networks and office-based workers will likely continue to grow in the coming months.