Hackers are exploiting the COVID-19 crisis with a global work-at-home phishing scam, according to Mimecast.
To date, Mimecast’s Intel team has spotted over 300 examples of the credential-stealing scam that uses a faked OneDrive login.
“Threat actors are actively utilizing this pandemic to attempt to compromise individual’s accounts and organization’s networks,” the company states.
It adds, “The potential for human error will inevitably increase in the coming weeks and we expect to see more of these phishing attempts in the coming days and weeks.”
One such email states:
“Important Covid-19 Updates & Measures
“Important company policies regarding the Covid-19 Virus has been uploaded to OneDrive. It is important you read the procedures to keep everyone safe.
“Login here to action read”
Another email says, “Log in your work email to OneDrive,” and asks for the person’s password.
Mimecast adds that as“the pandemic continues to spread and more and more people are made to work from home, we are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page.”