As Covid-19 restrictions begin to lift and thousands of employees return to offices, ending the work-from-home movement, threat actors are ramping up spear-phishing campaigns. The latest campaign sends employees emails that pose as messages from CIOs welcoming them back into offices. The emails outline the targeted company’s post-pandemic cubicle protocols in an attempt to steal company and personal credentials. Cofense described the campaign in a Thursday report, stating that the email appears to be sent from a source within the company because the body contains the company’s logo.
The spoofed CIO email then prompts victims to click on a link to a fake Microsoft SharePoint page that holds two company-branded documents outlining business operations. According to Cofense’s report, this adds more depth to the attack and further convinces targets that the email contains actual documents from within the company. However, if a victim tries to interact with either document, a login panel appears and asks the recipient to provide login credentials, which are then harvested. The campaign also displays the message “your account or password is incorrect” several times before giving victims access to an authentic Microsoft page.
Read More: Hackers Exploit Post-COVID Return to Offices