Spanning three languages and at least 15,000 unique phishing emails, this latest phishing campaign targets stressed out workers in the U.S. and France, avoiding detection and promising to help with their ailments.
Let’s face it: we’re all stressed. The last year was a lifetime of stress packed into 12 months for some. And many have turned to Cannabidiol (CBD) products as a means of destressing and medicinal use for some ailments. A new set of campaigns has been spotted by security researchers at Vade Secure that have focused on corporate users using Microsoft 365 promoting CBD products to help with stress.
According to Vade, social engineering is used to “play on individuals’ fears and deliver false promises to trick victims into clicking on dangerous links or downloading malicious files.” Evasive methods including remote images, randomized URLs, delayed links, and delayed content activation are also common to keep these emails from being detected as malicious by security solutions.
Vade recommends that “business owners must combine strong email defenses with user awareness training programs.” Security solutions will help when cybercriminals make a mistake and fail to avoid detection. That’s why your users need to play a role in your defenses by enrolling in continual Security Awareness Training to ensure they are both up to date on the latest scams and are taught to be continuously vigilant when interacting with unsolicited emails (including ones that are “selling” CBD products), staying focused on corporate security and not falling for the convenience of an interesting email that just “happened” to be sent to them.
