Group of office workers wearing N95 masks with Targets over their heads

Cyber-criminals target employees returning to the workplace in targeted COVID-19 phishing scams

COVID-19 phishing emails are reducing in number yet increasing in accuracy.

With lockdown dominating the headlines across the globe and affecting the lives of countless individuals, social engineers have been working double-time (more than sextuple-time, to be accurate) to capitalise on lower levels of cyber awareness.

So what does this mean for those returning to their respective places of work? We may go as far as to assume that as workers go back to the office, phishing emails (especially COVID-19 themed emails) would ease up.

That may well be the case…just not yet.

A new wave of COVID-19 themed phishing emails, aimed specifically at those returning to their places of work, is making the rounds.

Global cyber security experts Check Point Software Technologies Ltd released a recent article covering new research on cyber criminals using this period of transience to exploit workers attempting to integrate back into office life.

In a bid to keep the spread of the coronavirus down while filling offices back up, many employers are offering webinars and online training to educate users in how to stay safe. Hackers are very aware of this and are sending cleverly crafted phishing emails, masquerading as managers or other trusted work officials, offering (fake) links to webinars and other articles surrounding their return.

An example of one such email is below:

Image credit: Checkpoint Research

To users with a solid foundation of cyber awareness, emails like these are immediately reported and deleted. Unfortunately, there is still an inordinate amount of internet-facing workers without any form of security awareness training who don’t notice the spelling mistakes, grammatical errors and fake URLs.

Although weekly numbers of COVID-19-themed cyber attacks have reduced from their peak in April this year (see graph below), they are still proving a highly effective mechanism of attack and require security savvy users to spot them.

Image credit: Checkpoint Research

We ( understand that taking the first steps toward educating your users can be a tricky one to make, and have made tremendous efforts to help our readers and customers alike in understanding where their security weaknesses lie.

To this end, we have a number of free tools we recommend our readers try to get a better idea of how security-aware their users are. Our most popular tool is the Free Click-Prone® Test, which reveals exactly how many of your users would fall for a modern phishing attack.

To this day, there is no hardware solution that can stop 100% of phishing attacks, that means that when (not if) a phishing email arrives in one of your users’ inbox, the security of your entire organisation rests in their ability to spot it.

Educate your users before the bad guys do it for you.

Main image adapted from

Recent posts