AppRiver recently discovered a phishing campaign that targets remote workers using emails appearing to be from their company’s IT department. The email stated that the IT department was in the process of building a portal that allows employees to keep track of their daily tasks. A URL shortened using the bit.ly service is included in the email, which instructs the recipient to update the new staff portal. Instead, the link leads to an Outlook Web Access (OWA) phishing page to steal employees’ passwords. Senior cybersecurity analyst David Pickett of AppRiver said threat actors may use different methods to carry out their campaigns. “Skilled social engineering actors may also conduct these types of scams via phone or in-person. It’s typical for these attackers to use automated tools such as Social Mapper or the numerous LinkedIn scraping tools to gain intelligence from social media sites and employment listings. These tools allow anyone to gain tremendous company data – including employee titles, organizational structure, known contacts, and even technologies the target company utilizes in order to help increase the sense of legitimacy in their attacks.” Many companies have already seen scams similar to this, and if they haven’t there’s a chance they will in the coming weeks.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in