Phishing attacks target workers returning to the office

Emails with fake COVID-19 training materials are trying to trick employees into sharing their Microsoft credentials, says Check Point Research.

phishing-via-internet-vector-illustration-fishing-by-email-spoofing-vector-id665837286.jpg

Image: GrafVishenka, Getty Images/iStockPhotos

The coronavirus has been a subject ripe for exploitation and abuse by cybercriminals with phishing campaigns, malicious websites, and phony apps. Now that organizations in some parts of the world are trying to reopen, recent phishing attacks observed by the cyber threat intelligence provider Check Point Research are targeting employees returning to the office.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium) 

In a Thursday blog post, Check Point noted that organizations welcoming back workers are enacting testing programs and workplace rules to guard against COVID-19 infections. To prepare employees, many companies are offering webinars and training videos to explain the new rules and requirements. Of course, cybercriminals are aware of this trend and are actively exploiting it.

In phishing campaigns observed by Check Point, attackers are deploying emails and malicious files masquerading as COVID-19 training materials. One particular email tries to trap the recipient into signing up for a phony employee training seminar. Clicking the link in the email actually leads the person to a malicious website designed to capture their Microsoft credentials.

coronavirus-phishing-email-check-point.jpg

Check Point Research

But the level of cyberattacks exploiting COVID-19 vary based on each region and its return-to-work status. Areas such as Europe and North America, where organizations are returning to work, have seen a decline in the number of malicious coronavirus-related attacks. Areas such as Latin America and South Africa that are still grappling with the virus are seeing a rise in the number of such attacks.

Of course, cybercriminals are happy to pounce on any topic in the news to spread malware. Another phishing campaign spotted by Check Point is taking advantage of the current Black Lives Matter movement. In one specific attack seen in early June, emails were sent out with such subject lines as "Give your opinion confidentially about Black Lives Matter," "Leave a review anon about Black Lives Matter," or "Vote anonymous about Black Lives Matter."

The emails contains a file attachment in the form of a Microsoft Word document named "e-vote_form_####.doc," with the #### representing different digits. This attachment plays host to two malicious URLs, and clicking on it launches the Trickbot malware, a trojan designed to steal information from the targeted machine.

Since the pandemic started around the beginning of 2020, the number of coronavirus-related cyberattacks have gone down. Such attacks fell to 130,000 per week during the first week of June, a drop of 24% from the average number in May. But the number of overall weekly cyberattacks in June have increased by 18% from May.

Also see