Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

phishing scam new normal coronavirus

Threat actors shift focus from COVID-19 to employee coronavirus training and current events like Black Lives Matter as cyber-attacks continue to rise.

Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift.

The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.”

Instead of a legitimate sign-up page, however, it instead directs users to a malicious link, where they are asked to input their credentials (at the moment that link is inactive), according to a new report from Check Point Research.

Researchers say this campaign is part of a recent increase in cyberattacks that tap into the realities of the “new normal,” as many people across the U.S. return to business.

coronavirusWhile coronavirus-related attacks are decreasing–with an average number of around 130,000 attacks per week in June, a 24 percent decrease compared to May’s weekly average–overall cyber attacks are increasing, said researchers.

Weekly attacks increased 18 percent between May and June, a slight bump from the 16 percent increase between April and May, according to the report.

Overall, the state of businesses in a region in the U.S. or globally depends on the current state of the virus there, and researchers found that in places where there are still active outbreaks, cybercriminal activity related to COVID-19—which a recent report found has followed the trend of news of the virus itself—is still prevalent.

“Our latest data shows that the risk of an organization being impacted by a malicious coronavirus-related website depends on whether the country it is located in has gone back to business or is still under lockdown,” researchers wrote in the report.

Meanwhile, new phishing campaigns aim to take advantage of other trending news – including the Black Lives Matter (BLM) movement, which has spurred mass protests and demonstrations after a video went viral depicting the May 25 murder of  George Floyd by a former Minneapolis police officer.coronavirus phishing

One spear-phishing attack in early June for instance was sent with subjects such as “Give your opinion confidentially about ‘Black Lives Matter’,” “Leave a review anon about ‘Black Lives Matter,'” or “Vote anonymous about ‘Black Lives Matter'” included malicious a malicious doc file typically named in the format, “e- vote_form_####.doc” (#=digit).

If users open the email and clicks on the attachment, they are redirected to a page claiming to provide an Office update which actually links to two malicious URLs that load the Trickbot malware on a victim’s machines.

In terms of mitigation, Check Point continues to promote both email security protections and increased employee awareness to threats as they evolve as solutions for organizations to combat these new campaigns–the same general advice they’ve shared throughout the wave of new threats observed during the COVID-19 pandemic.

“The more phishing scams your employees get exposed to, the less they are prone to falling victim to such attacks,” researchers wrote.

Suggested articles