Hackers often use world events to target victims. Returning to the office after COVID-19 restrictions are beginning to be lifted is their next opportunity. They will attempt to lure you in with their scams as a way to steal your credentials and personal information.
One of the latest phishing campaigns is designed to appear like it comes from a prominent source within the organization, welcoming you back to the office. This scam includes using the company’s logo and header. The messages can look very convincing.
In this phishing scam, the hackers attempt to get you to open documents related to guidelines for coming back to the office.
If you click on these documents, you will be prompted to provide login credentials to access the files.
Red Flag! If you are signed into your email and click on a link to open a file saved in OneDrive, Office 365 will not ask you to sign in again.
Be extra cautious when you click on a link in an email, and it asks for login credentials as soon as you click on the link. If you aren’t expecting the email, it is safest to go directly to the source, which could be OneDrive, your bank website, Amazon website, and so on.
What can you do?
Stay informed. Scams are always evolving, so it’s a good idea to check the Federal Trade Commission (FTC) Scam Alerts site for a list and descriptions of the latest scams. Also, stay up-to-date on the scams targeting K-State by checking the K-State Scams blog and reading cybersecurity articles published in K-State Today.
If you are not sure about an email, please don’t respond. The Division of Information Technology can determine if an email is a scam. Send the questionable email to abuse@ksu.edu.
