Recent email scams to watch out for if you’re working from home

28 Sep 2020

Image: © Sebastian Duda/Stock.adobe.com

Cybercriminals have been targeting at-home workers with fake emails that look like they’re from Microsoft and Salesforce, says ESET Ireland.

Cybersecurity hasn’t become less important since we’ve pivoted to working from home. In fact, Dr Asma Adnane, an expert on the topic, says we have become even more at risk because we could be using less secure computer settings.

The latest threats to be mindful of are email scams aimed at workers in offices and at home, according to ESET Ireland. The security-software provider has said that cybercriminals are capitalising on the fact that more people are working remotely and have “adapted a few scams to take advantage of that”.

The first pops up in your email inbox as what appears to be a notification from Microsoft. It reads ‘you’ve been assigned a new task!’, prompting the user to engage with ‘September tasks’ and providing a link to ‘open in Microsoft Planner’.

Clicking on that link will bring the user to a fake Microsoft login page. Through it, scammers can log in themselves and potentially access personal files.

ESET explained that this scam can “quickly catch unaware home-office users off guard” as working from home has led to “decreased personal interactions” and “increased automation and task scheduling via various apps”.

The second scam, according to ESET, pretends to come from customer-management software Salesforce. The email says that Salesforce is ‘deactivating non-active users’. Again, it provides a link for the user to click on and asks them to confirm their email address to prevent the alleged deactivation. The user is brought to a phishing website that, according to ESET, “harvests users’ login details”.

“While the email is rather low effort and uses poor grammar, it could still fool someone dependent on daily use of the software to quickly head over and confirm their details, thus enabling scammers access and abuse of their user account,” the company explained.

“Both scams aren’t particularly elaborate or unexpected but, due to the widespread use of the software they refer to and the way many people respond automatically without pausing to think about the possibility of scams, may still achieve wide reach and many clicks.

“ESET Ireland advises all users to pay particular attention and exercise extreme caution with any emails that require them to click on links and fill in login details. If you encounter such emails, don’t click on anything within them, do not reply to them, just delete them and warn your colleagues.”

Lisa Ardill was careers editor at Silicon Republic until June 2021

editorial@siliconrepublic.com