New scam targets home office workers
With an increased number of people working from home, cybercriminals have come up with scams to take advantage of the current situation.
Cyber security company ESET Ireland has identified email scams aimed at the office or home-office workers. These scams are targeting an increased reliance on emails and office software for conducting daily business.
The first email scam can quickly catch unaware home-office users off guard, as the decreased personal interactions result in increased automation and task scheduling via various apps.
The email appears like a notification by Microsoft saying “You’ve been assigned a new task!” and comes with all the corresponding visuals. The content of the email says “September Tasks” and offers a link “Open in Microsoft Planner”.
Clicking on that link takes the victim to a fake Microsoft account login, which could enable the scammers to log in and gain access to everything, including personal files, the users might have associated or stored with their Microsoft account.
The other scam pretends to be coming from Salesforce, a known customer management software used by many companies. It claims they are “deactivating non-active users” (Not even just accounts, but users themselves) telling the victims to click on a link to confirm their email address and prevent deactivation.
This in turn leads to a phishing website that harvests users’ login details.
While the email is rather low effort and using poor grammar, it could still fool someone dependent on daily use of the software to quickly head over and confirm their details, thus enabling scammers access and abuse of their user account.
Neither scam is particularly elaborate or unexpected. But due to the widespread use of the software they refer to and the way many people respond without pausing to think about the possibility of scams, they may still achieve wide reach and many clicks.
ESET Ireland advises all users to pay particular attention and exercise extreme caution with any emails that require them to click on links and fill in login details. As always the best advise it to delete any such emails and warn colleagues of the threat.