Expert Comments

Office 365 Users Targeted By ‘Coronavirus Employee Training’ Phish

Expert(s): Security Experts
Expert(s): Security Experts

Researchers are warning of a new phishing attack that purports to send coronavirus training resources to employees who are returning to the workplace, as COVID-19 lockdowns lift. The recent phishing campaign leverages novel training programs that are required for employees in the workplace to comply with coronavirus regulations. The campaign, targeting Office 365 users, sends an email that includes a link to register to the training: “COVID-19 Training for Employees: A Certificate for Health Workplaces.” Instead of a legitimate sign-up page, however, it instead directs users to a malicious link, where they are asked to input their credentials (at the moment that link is inactive), according to a new report from Check Point Research.

Experts Comments

June 29, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Ever since COVID-19 broke, we've seen a sharp increase in the number of COVID-19 themed phishing attacks. This new attack, unfortunately, indicates that this trend shows no signs of slowing down. It is vital that organisations continually keep employees abreast of what the ongoing situation is, and how to expect communication. They should be made aware of these kinds of threats that exist, how to spot them, and how to quickly and easily report any suspicious emails, or report where someone.....Read More
Ever since COVID-19 broke, we've seen a sharp increase in the number of COVID-19 themed phishing attacks. This new attack, unfortunately, indicates that this trend shows no signs of slowing down. It is vital that organisations continually keep employees abreast of what the ongoing situation is, and how to expect communication. They should be made aware of these kinds of threats that exist, how to spot them, and how to quickly and easily report any suspicious emails, or report where someone may have downloaded potentially malicious software or provided their credentials. From a technical perspective, organisations should look to deploy preventative measures such as MFA to protect accounts even if credentials are compromised, and to have detection and response controls in place.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts