In the past few weeks, many of us have had to make drastic changes to the way we live. From juggling work schedules, to helping our children log onto their online classes, or keeping them entertained, and keeping up with the demands of dinner – there has been a lot of keep on track of. Whilst we try to find new ways to keep up with business and our responsibilities at work, the last thing any of us would expect is an email from HR scheduling an urgent meeting by Zoom.
With a subject line as harsh as “Q1 Performance review meeting”, it’s natural for anyone to start panicking about whether they’re going to be next on the Furloughed list. So when panic sets in, no one is going to think twice about checking the authenticity of the email. And that’s when it becomes easy for Cybercriminals to take advantage.
Unfortunately, this is exactly what is happening right now. Cofence, the Security firm have uncovered another nasty scam by Cybercriminals. This time they are targeting remote workers by sending out a phishing campaign masquerading as an email from the “HR department”.
How are people attacked?
The latest Phishing campaign replicates a Zoom invite by convincing recipients to click on the link to login to Zoom for the scheduled call with the HR department regarding their performance. The email contains a fake login page “zoom-emergency.myftp[.]org”, and the phishing domain is hidden with the button “Join this Live Meeting”.
Once the victim enters their login credentials, the details will be sent to a bogus Zoom server controlled by the cybercriminals.
According to Abnormal Security, more than 50,000 people have been targeted. However, this latest cyber-attack on remote workers has been targeted towards people using Office 365.
With a lot of uncertainty revolving around when things will return back to normal, cyber criminals have become hyperactive. In the past few weeks there have been various cyber-attacks on remote workers, highlighting the fact that cybercriminals have taken full advantage of this lockdown. With fear being on everyone’s mind, it’s quite easy for anyone to fall victim of these types of attacks.
For those who are not using Zoom, Skype has also fallen into the Cybercriminals hit list. Read more to find out how.
The best thing any business can do right now is to take measures by giving their workforce cyber security awareness training. Cyber security awareness training empowers staff into identifying Phishing attacks like these quickly, whilst protecting business data from being leaked.
Siccura Cybershield is the most interactive Cyber security training awareness programme. With a philosophy as simple as Test. Aware. Engage, we’ll help you:
- Test your employees and IT defences by playing the role of an attacker.
- Make your employees aware of the types of attacks such as Phishing, Vishing, Ransomeware and more
- Engage your employees by sharpening their knowledge, and teaching them how to combat threats.
Through the training progamme, we’ll help you turn your employees into a Human Cybershield ready to defend your business.