For many months, organizations across the globe have been working remotely due to the coronavirus pandemic. In a new phishing attack, the bad guys target your feelings of stress or excitement about returning to the office.
The phishing email resembles something that your human resources department might send about returning to the office. Attached to the email is an HTML file that includes your name in the file name. If you download and open this attachment, you’ll be taken to a file that is hosted on the file-sharing site, Microsoft SharePoint. According to the document, you must acknowledge the return to office policy by providing your username and password. If you enter your credentials here, the information will be sent directly to the bad guys and they’ll have the same access to your organization as you do.
Don’t fall for this trick! Remember these tips:
- This attack tries to exploit the uncertainty of going back to work in the office. Don’t let the bad guys toy with your emotions. Think before you click!
- Never impulsively click on a link or download an attachment that you weren’t expecting, even if it appears to be from your own organization.
- When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking a link or downloading an attachment.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.