A new phishing campaign has been identified that targets remote workers that will soon be returning to the workplace and claims to include information on coronavirus training. The campaign is one of the most realistic phishing scams in recent weeks, as it is plausible that prior to returning to the office after lockdown would involve some changes to workplace procedures to ensure employee safety.
This campaign targets Microsoft Office 365 users and attempts to obtain users’ Office 365 credentials under the guise of a request to register for COVID-19 training. The emails include the Office 365 logo and are short and to the point.
They just include the text, “COVID-19 Training for Employees: A Certificate For Healthy Workspaces (Register) to participate in Covid-19 Office Training for Employees.”
The message includes a button to click to register, and the emails claim to be “powered by Microsoft Office 365 health safety measures.”
Clicking the link will direct the user to a malicious website where they are required to enter their Office 365 credentials.
This campaign, like many others to have emerged over the past few weeks, closely follow world events. At the start of the pandemic, when there was little information available about COVID-19, phishers were offering new information about COVID-19 and the Novel Coronavirus. As more countries were affected and cases were increasing, incorporation was being offered about local cases in the area. Now that most countries have passed the peak of infections and lockdowns have helped to bring the virus under control, tactics have changed once again.
Campaigns have been detected in the United Kingdom related to the new Track and Trace system being used by the NHS to help control infections warning users that they need to purchase a COVID-19 test. Another campaign targeted parents who are experiencing financial difficulties due to COVID-19, asking for bank account information to allow them to receive a support payment from the government. Messages have also been detected about Free school dinners over the summer, now that the UK government has said that it will be providing support to parents.
There have been several campaigns that have taken advantage of the popularity of the Black Lives Matter movement following the death of George Floyd. This campaign asked recipients of the email to register their opinions about Black Lives Matter and leave a review, with the campaign used to deliver the TrickBot Trojan.
What these phishing campaigns clearly demonstrate is the fluid nature of phishing campaigns, that are regularly changed to reflect global events to maximize the chance of the emails being opened. They show that users need to remain on their guard and be alert to the threat from phishing and always take time to consider the legitimacy of any request and to perform a series of checks to determine whether an email is what it claims to be. This can be tackled through security awareness training, which should be provided to employees regularly.
Naturally, the best defense is to make sure that these emails are blocked and do not reach inboxes, which is why it is important to have layered defenses in place. An advanced spam filtering solution such as SpamTitan is required that uses machine learning and other advanced detection measures to identify new phishing scams along with measures to detect previously unseen malware variants. As an additional layer of protection, you should consider implementing a web filtering solution such as WebTitan that provides time-of-click protection to block the web-based component of phishing attacks and stop drive-by malware downloads. Alongside security awareness training, these solutions will help you to mount a formidable defense against phishing attacks.