It doesn’t seem that long ago that we were all warned about the cyber risks associated with a mostly remote workforce. Now it seems there is also a risk in returning to the office.
TechCrunch has recently reported on a new phishing scam targeting employees as they prepare to return to their offices. The scam involves an email made to look like it is coming from their CIO, welcoming them back into the office. The email looks legitimate, even sporting the company’s official logo in the header, and it is signed by the spoofed CIO. It outlines the new precautions and changes to business operations the company is taking to deal with the pandemic. Seems legit, right?
Instead, the email links to a Microsoft SharePoint page hosting two company-branded documents. Should the recipient decide to interact with either document, a login panel appears and prompts the recipient to provide login credentials to access the files. And just like that, the threat actors have your credentials.
So, what can your organization do to avoid this scam? Whether your staff continue to work from home, return to the office, or move to a hybrid model, cyber awareness education is key. Teach employees how to tell the difference between a real email from the CIO and a “spoofed” one. Continue the discussion with staff about what types of scams you have heard about and what to do if they should come across one.
Even better, add on managed cyber security services from an MSSP to help you manage and detect any threats coming into your network. Uzado’s team of professionals can help you mitigate your cyber security risk.