Skip to Main Content

Phishing Emails Regarding Employment Termination Results from COVID-19 Downsizing

In response to the recent increase in teleworking during the COVID-19 pandemic, cyber criminals are targeting teleworking employees with fraudulent termination phishing emails and VTC meeting invites, citing COVID-19 as the reason. Employees who are alarmed by the message may not scrutinize the spoofed email address that looks similar to their company’s legitimate one. The emails entice victims to click on malicious links purporting to provide more information or online conferences pertaining to the victim’s termination or severance packages. Companies should alert their employees to look for emails coming from Human Resources or management with spoofed email domains.

Note: In another instance, attackers sent meeting notifications asking recipients to join a VTC meeting regarding their purported terminations. The emails contained links to a fake VTC service login page; and used hyperlinked text such as “Join this Live Meeting” to appear as a legitimate automated meeting notification. Recipients who fall victim to this attack have login credentials as well as any other information stored on the VTC platform compromised.

 

Recommendations:

  • Alert employees to look for emails coming from Human Resources or management with spoofed email domains. Verify with your HR to see if the email was legitimately sent by them.
  • Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
  • Require use of password or PIN for any teleconference or web meetings.
  • Beware of social engineering tactics aimed at revealing sensitive information. Use tools that block suspected phishing emails or that allow users to report and quarantine them.
  • Beware advertisements or emails purporting to be from telework software vendors.
  • Always verify the web address of legitimate websites or manually type them into the browser.
  • Do not share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
  • Avoid opening attachments or click links within emails from senders you don’t recognize.
  • Only enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) when absolutely necessary.

 

Report:

If you are not sure that you have been phished, but believe an email might be malicious, you can still report it to the Information Security Office to investigate by sending an email to security@ucla.edu.