A new phishing campaign has been discovered that targets remote workers who will soon be going back to their place of work. The campaign emails claims to include information on coronavirus training. The campaign is one of the most genuine-looking phishing scams seen in recent weeks, as it is plausible that before returning to the office after lockdown would involve some changes to workplace procedures to ensure workers are safe.

This campaign focuses on Microsoft Office 365 users and tries to steal users’ Office 365 credentials under the guise of a request to register for COVID-19 training.  The emails include the Office 365 logo and are rprecise and to the point.

They state: “COVID-19 Training for Employees: A Certificate For Healthy Workspaces (Register) to participate in Covid-19 Office Training for Employees.”

The message includes a button to use to register, and the emails claim to be “powered by Microsoft Office 365 health safety measures.”

Visiting the link will direct the user to a malicious website where they are asked to enter their Office 365 credentials.

This campaign, like many others to have been seen over the past few weeks, closely follow world events. At the start of the pandemic, when there was little data available about COVID-19, phishers were offering new information about COVID-19 and the Novel Coronavirus. As more countries were impacted and cases were increasing, incorporation was being offered about local cases in the area. Now that most countries have passed the peak of infections and lockdowns have helped to bring the virus under control, tactics have been amended once again.

Campaigns have been discovered in the United Kingdom related to the new Track and Trace system being used by the NHS to help control infections warning users that they need to buy a COVID-19 test. Another campaign targeted parents who are suffering from financial difficulties due to COVID-19, asking for bank account information to allow them to receive a support payment from the government. Messages have also been seen about Free school dinners over the summer, now that the UK government has said that it will be supplying support to parents.

There have been many campaigns that have taken advantage of the popularity of the Black Lives Matter movement in their aftermath of the death of George Floyd. This campaign asked recipients of the email to register their opinions about Black Lives Matter and submit a review, with the campaign used to deliver the TrickBot Trojan.

What these phishing campaigns clearly show is the fluid nature of phishing campaigns, that are regularly changed to reflect global events to maximize the chance of the emails being opened. They show that users must to remain on their guard and be alert to the threat from phishing and always take time to consider the legitimacy of any request and to conduct a series of checks to determine whether an email is what it claims to be. This can be tackled through security awareness training, which should be given to employees regularly.

Of course, the best defense is to make sure that these emails are blocked and do not reach inboxes, which is why it is crucial to have layered defenses in place. An advanced spam filtering solution such as SpamTitan is required that uses machine learning and other advanced detection measures to ispotnew phishing scams along with measures to prevdiscover unseen malware variants. As an extra layer of protection, you should consider implementing a web filtering solution such as WebTitan that supplies time-of-click protection to block the web-based component of phishing attacks and stop drive-by malware installations. In tandem with security awareness training, these solutions will help you to mount a strong defense against phishing attacks.