Researchers from Proofpoint, a well-known email security vendor that provides anti-spam, anti-malware, and phishing protection services, observed a spear-phishing campaign, codenamed “employer21,” targeting teachers. The campaign delivers emails teachers purported to be from parents or guardians attempting to deliver a student’s assignment after issues submitting the assignment the “usual way.”
Typically a ZIP attachment accompanies the email and, if opened, can download malware in the event macros are enabled in Word or Excel. Though this campaign is limited in scale, it is likely that threat actors will continue to utilize themes that take advantage of the remote learning environment to create a sense of urgency and legitimacy in future campaigns.
The proliferation of targeted email campaigns is becoming a ‘go to’ for bad actors.
Email is an easy medium to exploit and will continually be attacked.
powersolution reminds users to exercise caution when clicking on links or opening attachments sent in emails from both trusted and unknown entities. We always recommend to verify the legitimacy of requests via a separate means of communication, such as phone. Additionally, powersolution HIGHLY recommends to avoid enabling macros in Microsoft Office documents unless there is a known use for this feature.
If you would like to discuss email security further or how powersolution can assist in protecting your network and increasing your overall security posture please visit our website at powersolution.com or give us a call at 201-493-1414 opt 1.