Vane3alga

Business
Focused
Technology

Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has intercepted in recent months, including one that informed recipients that they needed to fill out a compliance form related to COVID-19 risks.

iStock 1216581880

“Reasonably well written, this email, apparently from the human resources department at the target company, actually came from phishers located in the United Kingdom,” Kay writes. “There are elements that might strike the recipient as strange. For example, the phrase ‘recuperating favorably’ is a bit off. Noncompliance is spelled ‘non-compliance.’ And ‘these guide and policies’ has an agreement-of-number problem. But otherwise, it’s a pretty good fake, including the legitimate SharePoint link embedded in the email. The problem with the link was that it led to a real but hijacked SharePoint site that was turned into a credential harvesting operation.”

Another phishing email purported to be sent from a company’s HR department asking all employees to take a survey regarding their interest in receiving a COVID-19 vaccine. The email contained a link to “survymonky/r/HPG23P”(spoofing the entirely legitimate and very familiar surveymonkey.com).

Kay also describes an email that appeared to come from the company’s CEO and abused an open redirect link to fool the target into thinking the link was benign.

“[E]mbedded within it was a link that used Google’s open redirect capability to send those who clicked through to a malware injection site or a credential harvesting operation,” he writes. “The cybercriminal was able to exploit a weakness that some legitimate websites like Google use that allows users to input parameters in a link that redirects to other sites. What the user sees is ‘google.com’ followed by a long URL path. Even if the recipient were to scrutinize the URL, all they’d see was a good-looking Google redirect.”

New-school security awareness training can enable your employees to recognize phishing scams and other forms of social engineering.

INKY has the story.


SOURCE: KnowBe4.com

Success Stories

Partner, Law Firm

We hired IT360 as our computer hardware and software computer consultants when the company first went into business. Since then, they have helped us purchase new software and hardware equipment that we have instituted into the law firm. Any time we needed them to be there they have been. They have solved all of our problems including: stand alone computers, networking issues, Internet access issues, and software. I would highly recommend IT360 to anybody who needs help in these areas.

Partner, Law Firm

Recent
Technology News

IT 360 News - Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026
Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026

Digital Independence: What America’s 250th Birthday Teaches Us About Cybersecurity in 2026 As the United States celebrates its 250th year of independence this July 4, 2026, there’s a powerful question for modern organizations: What does independence look like in a digital world?  Two hundred fifty years ago, independence meant freedom from external control. Today, it […]

Read more
IT 360 News - Why ‘Working Fine’ Is Silently Holding Your Business Back
Why ‘Working Fine’ Is Silently Holding Your Business Back

Most IT environments don’t fail dramatically. They linger. For many organizations, systems are “working fine” — emails go through, files are accessible, users can log in — so problems don’t feel urgent. But beneath the surface, that fine often comes with hidden costs: slower response times, manual workarounds, duplicated effort, security gaps, and growing dependence […]

Read more