AppRiver recently discovered a phishing campaign that targets remote workers using emails appearing to be from their company’s IT department. The email stated that the IT department was in the process of building a portal that allows employees to keep track of their daily tasks. A URL shortened using the bit.ly service is included in the email, which instructs the recipient to update the new staff portal. Instead, the link leads to an Outlook Web Access (OWA) phishing page to steal employees’ passwords. Senior cybersecurity analyst David Pickett of AppRiver said threat actors may use different methods to carry out their campaigns. “Skilled social engineering actors may also conduct these types of scams via phone or in-person. It’s typical for these attackers to use automated tools such as Social Mapper or the numerous LinkedIn scraping tools to gain intelligence from social media sites and employment listings. These tools allow anyone to gain tremendous company data – including employee titles, organizational structure, known contacts, and even technologies the target company utilizes in order to help increase the sense of legitimacy in their attacks.” Many companies have already seen scams similar to this, and if they haven’t there’s a chance they will in the coming weeks.
Analyst Notes
The Department of Homeland Security (DHS) published insights on how companies can protect employees and data during this time of increased remote work. Some of those insights included:
• Secure systems that enable remote access by setting up a VPN
• Implement system monitoring to watch for abnormal behavior
• Require all employees to use multi-factor authentication
• Ensure that all remote work machines have properly configured firewalls and anti-malware solutions
Educating employees about how to spot phishing and other attacks can help increase security. If vigilant employees quickly report attempted phishing attacks, the company’s IT department can determine if any other employees opened the malicious email messages or visited the phishing site, and reset passwords as appropriate. Employers may also want to implement an email scanning tool that can look for indications of attacks that are associated with known campaigns (IP addresses, patterns) to block malicious messages while allowing legitimate messages to reach the intended recipients.
Source: https://appriver.com/resources/blog/march-2020/scammers-targeting-new-remote-workers-fake-it-emails-0?&web_view=true
