New phishing alert! According to experts, new campaigns are targeting Office 365 users who are returning to the workplace, using Coronavirus training resources as the lure.
Author Saif Ahmed Bhuiyan | NITS DiGi, July 13, 2020
Attackers are adapting their techniques and tailoring Coronavirus lures to different regions. In regions where Covid-19 is still spreading, cybercriminals use COVID-19 lures. In other regions, where it is under control and people are returning to their offices, attackers are targeting them with messages offering employee coronavirus training resources.
As businesses re-open, the pandemic continues to pose threats while organizations implement new testing programs and apply new rules to prevent new infections. Cybercriminals are taking advantage of the “New Normal”: as organizations run webinars and training courses to educate employees, they have detected disturbing phishing emails and malicious files disguised as Covid-19 training materials.
The campaign is targeting Office 365 users. The spam messages include a link to register for the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.”
The link redirects users to a malicious page designed to trick them into providing their credentials.
According to researchers, these pandemic-related attacks are decreasing, with an average of around 130,000 attacks per week in June, a 24% decrease compared to May’s weekly average.
Experts also observed new phishing campaigns using big breaking news events as bait, including the Black Lives Matter (BLM) movement.
Examples of subject lines used in these campaigns:
- “Give your opinion confidentially about ‘Black Lives Matter’”
- “Leave a review anon about ‘Black Lives Matter’”
- “Vote anonymous about ‘Black Lives Matter’”
When users open the spam message and click on the attachment, they are redirected to a page that claims to provide an Office update but actually links to two malicious URLs that load the Trickbot malware.
“Due to the increase in unemployment, there was an increase in CV-themed cyber attacks in the US and Europe where malicious files were disguised as CVs,” concludes another report. “The number of malicious files identified doubled in the last two months with one out of every 450 malicious files being a CV-related scam.”