During these challenging economic times, an email from HR is the last thing you want to see in your inbox. But you could actually do worse. There has been a spike in fake HR emails targeting staff working from home during the coronavirus lockdown. It is part of a new online scam, a trend that has emerged since the coronavirus outbreak.
Cybersecurity firm Cofense discovered the phishing scam disguised as HR emails. Anyone working remotely during these testing times is unlikely to ignore an email from the Human Resources department, and that is exactly what the fraudsters are trying to take advantage of.
Not your HR!
By falling for this new type of scam, users are not only risking their own information but also putting their organization at risk. Researchers at Cofense discovered hackers exploiting the Microsoft Sway application to steal credentials and host phishing websites.
Microsoft Sway is an application widely used by organizations to generate newsletters and presentations as part of their day-to-day work. Cybercriminals are using the service to create and send emails with attention-grabbing subject lines such as 'Employee Enrollment Required' and 'Remote Work Access.'
Considering the current situation, who would doubt an email of that nature? Yet that small oversight can cost employees and their companies dearly.
How does the phishing scam work?
Since the emails appear to come from your HR department, you would want to act on them instantly. In these fake HR emails, hackers include a link to enroll in a remote working policy. Clicking that link redirects you to a phishing website, where employees are tricked into handing over their login credentials through fake forms. The stolen information is often sold on the dark web for quick cash, and for others to exploit.
"As employees have rapidly shifted to remote working, threat actors have started to look at ways they capitalize on the COVID-19 pandemic to spoof new corporate policies and legitimate collaboration tools to harvest valuable corporate credentials, a trend we anticipate will only continue to gain steam in the foreseeable future," Kian Mahdavi from the Cofense Phishing Defense Center wrote in a blog post.
How to stay safe?
The researchers found the hackers using legitimate domains and URLs to trick users, which is why these scams go undetected. To stay safe, employees must be extra careful when reading emails, even ones that appear to come from their employer. Employees should also hover the cursor over hyperlinked text to check whether the link actually points to a legitimate site.
As for employers, they can deploy sophisticated anti-virus programs that identify such scams and warn employees about the nature of the emails.
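The "hover over the link" check above can be automated for a whole mailbox. The following is an added example, not code from the article or from Cofense: it parses the HTML body of an email, lists every link target, and flags two warning signs described in the report, a target domain outside the organisation's own domains, and link text that displays one URL while the href points somewhere else. The sample message and the `example.com` / `example.net` domains are constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample in the style of the fake HR emails described in the article
# (hypothetical text; not a real sample from the Cofense report).
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Dear employee,</p>
<p>Employee enrollment is required for remote work. Please review the policy at
<a href="https://corp-portal-login.example.net/enroll">https://intranet.example.com/remote-policy</a>
and confirm your access via <a href="https://hr.example.com/remote-access">Remote Work Access</a>.</p>
<p>Thank you, Human Resources</p>
</body></html>
"""

# Domains the organisation really owns (assumed for this example).
TRUSTED_DOMAINS = {"intranet.example.com", "hr.example.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lower-cased host of a URL, or of bare text that looks like a domain or URL."""
    if "://" not in value:
        value = "https://" + value
    return (urlparse(value).hostname or "").lower()


def is_domain_like(text):
    """True if the visible link text itself looks like a URL or domain name."""
    return bool(re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I))


def inspect_links(html, trusted_domains):
    """Return one finding per link: where it really goes, and why it is suspicious (if at all)."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        reasons = []
        if target not in trusted_domains:
            reasons.append("target domain not in trusted list")
        # The classic trick: text shows one site, href goes to another.
        if is_domain_like(text) and host_of(text) != target:
            reasons.append("visible text domain differs from link target")
        findings.append({"href": href, "text": text, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in inspect_links(SAMPLE_EMAIL_HTML, TRUSTED_DOMAINS):
        flag = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{flag:10} {f['target']:35} text={f['text']!r} {'; '.join(f['reasons'])}")
```

Run against the constructed sample, the first link is flagged on both counts while the second, which genuinely points at an owned domain, passes. In practice the trusted-domain list would come from the organisation's asset inventory, and the finding list would feed a mail gateway rule or a user-facing banner rather than a print statement.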