"Hackers Exploit Post-COVID Return to Offices"

Researchers at Cofense stated that with COVID-19 restrictions lifting and workers trickling back to offices, threat actors are sharpening their spear phishing ploys. The latest scam Cofense discovered includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices. The emails outline a company's post-pandemic cubicle protocols, and at the same time, attempts to steal company and personal credentials. The researchers stated that the body of the email appears to have been sent from a source within the company, giving the company's logo in the header and being signed spoofing the CIO. The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. In this step, the victim is not prompted to input any credentials. Instead of simply redirecting the victims to a login page, this additional step adds more depth to the attack and gives the impression that they are actual documents from within the company. However, if a victim decides to click on either document, a login panel appears and prompts the recipient to provide login credentials to access the files. When a victim provides their login credentials, a message comes up that states "Your account or password is incorrect" several times before taking the victim to an authentic Microsoft page, making them think they've successfully accessed the files.

Threatpost reports: "Hackers Exploit Post-COVID Return to Offices"