Employees Targeted as They Return to the Office
June 15, 2021


Dear Colleagues,

As you are aware, the number of phishing attacks increased dramatically throughout 2020 as employees transitioned to remote worksites. Now that workers are starting to make their way back to the office, cyber-criminals have come up with new ways to exploit users.

The most prevalent of these new scams targets employees using a “Welcome back” email that looks like it comes from an executive-level member (CIO, VP, Board Member, etc.). Typically, the email includes the organization’s logo, an executive’s signature, some post-pandemic precautions, and some form of document link or attachment. The document links take recipients to a spoofed MS SharePoint site that presents a fake login panel (rather than redirecting to a new page) in an attempt to lure victims into providing their credentials. This login panel adds a sense of legitimacy, which in turn makes the scam more effective.

An even more devious variation includes a credential validation scam that shows users a “Your account or password is incorrect” message so that they enter their credentials a second time. It then redirects them to a legitimate OneDrive page, giving users the impression that their login was successful. In reality, the user has just provided a double-key verification of their credentials to the cyber-criminal and is none the wiser.

Cyber-criminals are relentless and continue to adapt in new ways. Consequently, we must be ever vigilant in combating social engineering attempts by constantly questioning and being mindful when interacting with email, voicemail, text messages, etc.

As always, ITS encourages you to take a few minutes to review Password and Passphrase Best Practices, which includes the following topics:

  • Creating Strong Passwords and Passphrases
  • Safeguarding Your Account
  • Password Managers
  • Checking Your Accounts for Breaches and Exposed Passwords
  • Enhanced Browser Security Measures


If you have any questions regarding this or any other previous advisory, please feel free to email the Office of Information Security.