Digital security researchers have discovered a new scam in which fake e-mails are sent in the name of the corporate technology department to reach employees working remotely. In a recent campaign detected by AppRiver, cybercriminals e-mailed employees while posing as members of the company's helpdesk team. The e-mail claimed that the technology team had created a portal to help users manage tasks during remote work, and instructed recipients to update their data on the new portal through a link that led to an Outlook Web Access (OWA) phishing page. Senior AppRiver cybersecurity analyst David Pickett said the perpetrators could use different media to increase the success of this type of scam:
“Cybercriminals specializing in social engineering can also carry out these scams over the phone or in person. It is common for cybercriminals to use automated tools, such as Social Mapper or the numerous tools including LinkedIn, to obtain information exposed on social networks about the targets of the attacks. The tools allow anyone to obtain data – including employee positions, organizational structure, known contacts and even technologies that the target company uses to help increase the sense of legitimacy of the approaches”.
More scams targeted at remote workers sent by email
The Wall Street Journal covered an increase in e-mail phishing attacks in which cybercriminals used information about the target organizations' remote work plans. In the e-mail, cybercriminals said they would give information to recipients if they passed on some personal and/or work-related data, a means of trying to gain access to their accounts. Deloitte's chief risk adviser, Colm McDonnell, was a witness to these attempted attacks. He explained that these and other efforts are likely to become increasingly common as more workers move to remote work, motivated by the advance of the pandemic and the need for social isolation.

It is very likely that in the coming days more and more people will choose to work remotely, making use of their company's VPNs. Some of these companies may never have had VPNs before, and since these people may not be familiar with the portal page or MFA, they may be more susceptible to malicious third-party e-mails purporting to come from members of the technology team, a VPN provider or a genuine MFA supplier.

“While adapting to this new work situation, employees may not be in the right frame of mind to identify phishing scams or make an appointment to assess the accuracy of some information received,” McDonnell observed. “This could further increase the success of these types of attacks.”
Protecting remote workers from phishing attacks
Companies must apply a number of measures to prevent such attacks from succeeding. Among them, it is important to highlight:

Use of VPNs: The use of this type of technology is essential for establishing secure remote work. VPNs enable encryption of data sent over unsecured networks and the implementation of controls over the use of the internet and corporate applications. Internet control also prevents malicious websites and links from being accessed and causing damage to the company.

Corporate antispam: Bearing in mind that most phishing is carried out by e-mail, it is important that companies implement technologies that prevent malicious messages from reaching the inboxes of company employees. This is one of the most efficient ways to curb attacks of this type.

Team awareness: Technology resources are often not sufficient to prevent the success of virtual attacks. In these moments, the human factor is one of the main security assets. Therefore, it is very important that technology professionals and companies develop training and awareness programs to strengthen their security strategies.

Via: AppRiver.
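As an added illustration of the corporate antispam measure (example code, not taken from the article or from AppRiver), the following Python check flags the pattern seen in the helpdesk campaign described above: a message that presents itself as the technology team while its sender or its links fall outside the company's own domains. The domain example.com, the keyword list and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions: example.com is the company's own domain; the keywords are illustrative.
CORPORATE_DOMAINS = {"example.com"}
IT_KEYWORDS = ("helpdesk", "help desk", "it support", "service desk")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_corporate(host):
    """True if host is a corporate domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)

def body_text(msg):  # concatenate every text/* part (plain or HTML) of the message
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def assess(raw):
    """Return the reasons a message looks like helpdesk-impersonation phishing."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not any(k in f"{display} {msg.get('Subject', '')}".lower() for k in IT_KEYWORDS):
        return []  # message does not present itself as the technology team
    reasons = []
    sender_domain = addr.rpartition("@")[2]
    if not is_corporate(sender_domain):
        reasons.append(f"claims helpdesk, but sender domain is external: {sender_domain}")
    for url in URL_RE.findall(body_text(msg)):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL: treat as non-corporate
            host = None
        if not is_corporate(host):
            reasons.append(f"link leaves corporate domains: {host}")
    return reasons

# Constructed samples, not real messages; every domain is a placeholder.
PHISH = ('From: "IT Helpdesk" <helpdesk@example-support.test>\nSubject: Remote work portal\n\n'
         "Update your data at https://owa.example-portal.test/login today.\n")
LEGIT = ('From: "IT Helpdesk" <helpdesk@example.com>\nSubject: VPN maintenance\n\n'
         "Status page: https://status.example.com/vpn\n")

if __name__ == "__main__":
    print(assess(PHISH), assess(LEGIT), sep="\n")
```

A From header can itself be forged, so a check like this complements SPF, DKIM and DMARC enforcement at the mail gateway and does not replace it.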