How Cybercriminals are Capitalizing Businesses’ Return to Office Plans Blog


In the past few weeks, we've seen Google, Microsoft, Salesforce, and other major employers indicate they will be adopting a hybrid workplace. This isn't surprising as COVID-19 vaccinations are progressing at a solid pace, especially in the US, so most businesses are beginning to communicate their strategies for bringing people back into the office. This, unfortunately, is an opportunity for cybercriminals to target employees.

Fear, Uncertainty, and Doubt: A Recipe for a Cyberattack


It's 6 p.m. on a Friday. Just as employees are wrapping up, an email is sent from HR saying employees need to enroll in a new desk sharing program. People click on the link, punch in their credentials, and head off to enjoy their weekend blissfully unaware that cybercriminals have tricked them. Come Monday morning, everyone is pulled into an emergency meeting to discuss a significant data breach that took place over the past few days.

No matter which attack scheme they use, cybercriminals understand one simple fact: all human beings are vulnerable. More than any other method of attack, cybercriminals prey on a company's workforce using common psychological tactics to create fear, uncertainty, and doubt to manipulate people into sending money, providing access, or sharing confidential information.

There are two attack techniques our threat intelligence team has identified that cybercriminals could potentially use to take advantage of organizations" return to office (RTO) plans:


1. C-Level Impersonations: A cybercriminal impersonates a C-level or senior executive and makes a demand from a direct report that requires a quick turnaround. Hackers prey on employees' deferential relationships with their bosses to influence people to engage in risky behaviors. For instance, an email from the head of facilities stating that you're late to enroll in the company's RTO program and must sign up immediately will likely elicit a response from an employee.


2. Intimidation: Some cybercriminals use aggressive scare tactics to perpetrate scams. While these schemes take several forms – personal blackmail, fraudulent lawsuits, or threatening to shut down a paid service – the end-goal is always the same: pressuring victims into wiring money or divulging sensitive information. Hackers commonly spoof well-known business apps that send messages claiming there are "issues with your account" that must be resolved quickly or access will be revoked. Employees scared to lose access to critical business apps while working remotely promptly fall victim to this trick.

Combatting these types of highly targeted attacks requires personalized security awareness training–coaching. Everyone is a target for cybercriminals, from the CEO to a junior associate fresh out of college. Cybercriminals understand that remote workers are overstimulated, distracted, and generally bored because they talk at a screen for a good chunk of their workday. An employee only needs to slip up once, and they've potentially compromised their entire organization.

Cybersecurity awareness and protection is everyone's responsibility within a hybrid workplace. What businesses can't do, however, is apply a one-size-fits-all approach. Whether they are a Millennial, Gen Z, or Gen X, people are susceptible to different types of attacks based on their understanding and familiarity with the digital workplace and their organization's cybersecurity policies. Businesses must customize their approach to determine who does – and doesn't – need help in specific areas. Individual attention and personalized coaching can help steer people away from risky behaviors and protect the business from cyberattacks.


Cybercriminals depend on humans' inherent trust in the corporate policies and technologies in place to protect them from attacks. The only way to positively influence user behavior is to flag risky behaviors and deliver educational content in real-time. SecurityAdvisor's patented platform helps security leaders measure their workforce's improvements in identifying and remediating cyberattacks.

See how SecurityAdvisor works by requesting a quick demo.

Learn how SecurityAdvisor can help your team

Schedule some time to talk with one of our experts and they will show you how we can help your organization.

Get a demo Today