Beware - that email from HR might be a cyber scam

Remote workers are being targeted by a wide-ranging new online scam looking to steal business logins. Researchers at security firm Cofense ...

Remote workers are being targeted by a wide-ranging new online scam looking to steal business logins.

Researchers at security firm Cofense have uncovered a phishing campaign masquerading as emails from HR departments.

The scam targets employees who are still getting used to working from home, tricking them into giving away credentials such as login details through fake remote working enrolment forms.

Fake HR

Cofense found that the hackers were exploiting the popular Microsoft Sway application to steal credentials and host phishing websites. 

Sway is a free application from Microsoft that allows employees to generate documents such as newsletters and presentations and is commonly used by professionals to conduct their regular day to day work tasks.

The criminals used this service to create and send out emails containing subject lines such as ‘Employee Enrollment Required’ and ‘Remote Work Access.' Claiming to come from "Human Resources", and phrased to resemble official internal communications the email asks the recipient to click on a link to enroll in an remote working policy.

However clicking on this link sends the victim to a fake phishing site, where their credentials are stolen and potentially sold on.

Cofense says it has detected multiple instances of such scams, and warns that as they often used legitimate domains and URLs, these campaigns went undetected for a long periods of time, which could mean a large number of accounts were compromised.

"As employees have rapidly shifted to remote working, threat actors have started to look at ways they capitalize on the COVID-19 pandemic to spoof new corporate policies and legitimate collaboration tools to harvest valuable corporate credentials, a trend we anticipate will only continue to gain steam in the foreseeable future," Kian Mahdavi from the Cofense Phishing Defense Center wrote in a blog explaining the threats.

Cofense recommends employees take extra care when reading all emails, even those claiming to come from their employer, and check links by hovering their cursor above the hyperlinked text to ensure it is directing them to a legitimate site.



from TechRadar - All the latest technology news https://ift.tt/3529KRo
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Beware - that email from HR might be a cyber scam
Beware - that email from HR might be a cyber scam
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2020/04/beware-that-email-from-hr-might-be.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2020/04/beware-that-email-from-hr-might-be.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy