Security News > 2021 > May > Hackers Exploit Post-COVID Return to Offices
The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices.
The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations.
If a victim decides to interact on either document a login panel appears and prompts the recipient to provide login credentials to access the files.
Just last month, as governments rolled out pandemic relief payments, attackers used fake U.S. aid payments to deliver Dridex Malware.
"COVID-19 has given us a window into how hackers can exploit human vulnerabilities during a crisis, with healthcare and pandemic-related attacks prevalent in 2020," Sivan Tehila with Perimeter 81 wrote recently for Threatpost.
Cybercriminals thrive on change and only become emboldened by it, rolling out new cybercrime offenses to exploit trending news events, she said.
News URL
https://threatpost.com/hackers-exploit-covid-office/166550/
Related news
- Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
- Hackers exploit OttoKit WordPress plugin flaw to add admin accounts (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)