Beware - that email from HR might be a cyber scam

News
By published

Criminals look to exploit new working from home trend

Email warning
(Image credit: Shutterstock)

Remote workers are being targeted by a wide-ranging new online scam looking to steal business logins.

Researchers at security firm Cofense have uncovered a phishing campaign masquerading as emails from HR departments.

The scam targets employees who are still getting used to working from home, tricking them into giving away credentials such as login details through fake remote working enrolment forms.

Fake HR

Cofense found that the hackers were exploiting the popular Microsoft Sway application to steal credentials and host phishing websites. 

Sway is a free application from Microsoft that allows employees to generate documents such as newsletters and presentations and is commonly used by professionals to conduct their regular day to day work tasks.

The criminals used this service to create and send out emails containing subject lines such as ‘Employee Enrollment Required’ and ‘Remote Work Access.' Claiming to come from "Human Resources", and phrased to resemble official internal communications the email asks the recipient to click on a link to enroll in an remote working policy.

However clicking on this link sends the victim to a fake phishing site, where their credentials are stolen and potentially sold on.

Cofense says it has detected multiple instances of such scams, and warns that as they often used legitimate domains and URLs, these campaigns went undetected for a long periods of time, which could mean a large number of accounts were compromised.

"As employees have rapidly shifted to remote working, threat actors have started to look at ways they capitalize on the COVID-19 pandemic to spoof new corporate policies and legitimate collaboration tools to harvest valuable corporate credentials, a trend we anticipate will only continue to gain steam in the foreseeable future," Kian Mahdavi from the Cofense Phishing Defense Center wrote in a blog explaining the threats.

Cofense recommends employees take extra care when reading all emails, even those claiming to come from their employer, and check links by hovering their cursor above the hyperlinked text to ensure it is directing them to a legitimate site.

Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
China
Chinese hackers targeting Juniper Networks routers, so patch now
Google Chrome dark mode
Google updates Chrome extension rules to ban affiliate link injection without user action or benefit
Abstract image of robots working in an office environment including creating blueprint of robot arm, making a phone call, and typing on a keyboard
This worrying botnet targets unsecure TP-Link routers - thousands of devices already hacked
Avast cybersecurity
UK cybersecurity sector could be worth £13bn, research shows
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
Trump
Hackers are abusing $TRUMP tokens to lure victims in to new phishing scam
Latest in News
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
The Discovery+ homepage
Discovery+ just got a big update to its streaming app that makes it more like Max – here are 5 great new features to try
Two Android phones on a green and blue background showing Google Messages
Struggling with slow Google Messages photo transfers? Google says new update will make 'noticeable difference'
More about security
ThreatLocker CEO Danny Jenkins speaking at ZTW25

“It’s made our jobs harder, not easier” - ThreatLocker CEO Danny Jenkins on AI
China

Chinese hackers targeting Juniper Networks routers, so patch now
iRobot Roomba Combo 205

This new Roomba finally solves the big problem I have with robot vacuums
See more latest
Most Popular
iRobot Roomba Combo 205
This new Roomba finally solves the big problem I have with robot vacuums
Google Gemini Robotics
Gemini just got physical and you should prepare for a robot revolution
Mac Studio on a desk
I compared Apple's Mac Studio M3 Ultra with 10 Windows workstations and I am truly shocked by what I found
Lilo & Stitch Official Trailer
Stitch crashes into earth and steals our hearts with the first trailer for the live-action Lilo & Stitch
Y2K cast looking shocked
Y2K has a streaming release date on Max, so you can witness the technology uprising at home
China
Chinese hackers targeting Juniper Networks routers, so patch now
GTA 5
GTA Online publisher Take-Two is gunning for a black market that’s basically heaven for cheaters
Bolt Zeus 2c26-032 PCIe card
This GPU vendor I've never heard of claims its card is 10x faster than an Nvidia RTX 5090 at real time path tracing
Google Meet create custom backgrounds
More AI features are coming to Google Workspace
A mockup of the possible Apple M3 Ultra logo
Performance isn't the only reason you should buy Apple's M3 Ultra Mac Studio - it's reportedly one of the most power-efficient processors too