With Covid-19 restrictions😷 being modified and in some cases lifted, the return to the workplace is inevitable. Last year when the Covid-19 restrictions were introduced we saw a dramatic rise in cyber attacks using Covid-19 as the subject of the attacks. Often these cyber attacks focused on:

  • Clinical trials of a vaccine
  • Personal protective equipment
  • Stimulus checks
  • Business grants
  • Donations

There was also an increase in fake and spoofed websites. These typically spoofed the World Health Organization, Johns Hopkins University, the Small Business Administration, and the Internal Revenue Service.

We also saw something unique, a rise of business process phishing emails. While these emails may have mentioned Covid-19 in some capacity, it was not the subject of the email. These emails focused on performing a business process, typically from a coworker or the boss of the small business. These emails were hoping to sneak in what looked like a normal, every day type of business email during the onslaught of Covid-19 focused phishing emails.

New threats while returning to the workplace

With the return to the workplace, new cyber attacks will focus on this as employees return to their stores and offices. In fact, we are already starting to see this happen. ThreatPost reports a new phishing scam. In this scam, the cyber criminal sends an email to the returning employees while pretending to be the CIO of the business.

The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations. In this step the victim is not prompted to input any credentials.

However, if a victim decides to interact (click) on either document a login panel appears and prompts the recipient to provide login credentials to access the files.”

Education and training are key to a successful return

One of the best things you can do is to educate and train your employees. With more and more of us returning to the workplace, focus your education and training on these types of phishing attacks. Communicate with your staff what your communications will be like moving forward to help minimize the chances of an employee falling for this.

For more information on cybersecurity checkout Small Business, Big Threat!