At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Omicron-Themed Phishing Campaign is Running Rampant

    Omricron Themed Phishing Campaign

    A mean-spirited phishing campaign is mocking victims after infecting their devices with Dridex malware, according to Lawrence Abrams at BleepingComputer.

    “Over the past few weeks, one of the Dridex phishing email distributors is having fun toying with victims and researchers,” Abrams writes. “This was first seen when the threat actor began trolling security researchers by using their names combined with racist comments as malware file names and email addresses. Earlier this week, the threat actor spammed fake employee termination letters that displayed an alert stating, ‘Merry X-Mas Dear Employees!,’ after infecting their device. In a new phishing campaign discovered by MalwareHunterTeam and 604Kuzushi, this same threat actor took it to the next level by spamming emails with a subject of ‘COVID-19 testing result’ that states the recipient was exposed to a coworker who tested positive to the Omicron COVID-19 variant.”

    The Omicron-themed phishing emails state, “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th. Please take a look at the details in the attached document.”

    If the victim opens the Excel document and enables macros, their device will be infected with the Dridex banking Trojan. In a poor attempt at humor, the document will then display a popup showing the COVID-19 Funeral Assistance Helpline number.

    “With the COVID-19 variant being highly contagious and rapidly spreading worldwide, phishing emails about the Omicron variant are becoming popular and are likely highly effective in distributing malware,” Abrams writes. “This is especially true if the phishing campaign pretends to be from a company’s human resources department and targets employees from the same company. As Dridex phishing campaigns are currently using password-protected attachments, enterprises need to train their employees to spot and avoid these types of attacks. As always, if you receive unexpected emails or one that contains unusual attachments, always reach out to your network admin or other people in the workplace to determine if the email is legitimate.”

    And the criminals can be as dumb as they are dishonest and mean-spirited. This particular campaign can stand in as exhibit A. New-school security awareness training with simulated phishing attacks can enable your employees to avoid falling for these attacks.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    PST Results

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top