Beware - that email from HR might be a cyber scam

Criminals look to exploit new working from home trend

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Remote workers are being targeted by a wide-ranging new online scam looking to steal business logins.

Researchers at security firmCofensehave uncovered a phishing campaign masquerading as emails from HR departments.

The scam targets employees who are still getting used to working from home, tricking them into giving away credentials such as login details through fake remote working enrolment forms.

Fake HR

Fake HR

Cofense found that the hackers were exploiting the popularMicrosoftSway application to steal credentials and host phishing websites.

Sway is a free application from Microsoft that allows employees to generate documents such as newsletters and presentations and is commonly used by professionals to conduct their regular day to day work tasks.

The criminals used this service to create and send out emails containing subject lines such as ‘Employee Enrollment Required’ and ‘Remote Work Access.' Claiming to come from “Human Resources”, and phrased to resemble official internal communications the email asks the recipient to click on a link to enroll in an remote working policy.

However clicking on this link sends the victim to a fake phishing site, where their credentials are stolen and potentially sold on.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Cofense says it has detected multiple instances of such scams, and warns that as they often used legitimate domains and URLs, these campaigns went undetected for a long periods of time, which could mean a large number of accounts were compromised.

“As employees have rapidly shifted to remote working, threat actors have started to look at ways they capitalize on the COVID-19 pandemic to spoof new corporate policies and legitimate collaboration tools to harvest valuable corporate credentials, a trend we anticipate will only continue to gainsteamin the foreseeable future,” Kian Mahdavi from the Cofense Phishing Defense Center wrote in a blog explaining the threats.

Cofense recommends employees take extra care when reading all emails, even those claiming to come from their employer, and check links by hovering their cursor above the hyperlinked text to ensure it is directing them to a legitimate site.

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case