
Social Engineering Under COVID-19

Shay Pinsker

August 19, 2020

As a leader of an organization you’re always trying to seize the next opportunity while avoiding unnecessary risks and threats. You can prepare clear strategies, build emergency plans and sometimes even purchase products that will keep your organization safe but most of the time you are so focused on the technological security solutions that you overlook the most valuable and most vulnerable asset in your organization, the human aspect.

Attackers lurking outside the corporate network know you are preparing for them but they also know that the human brain is very sensitive and sometimes automatically responds to their sophisticated attempts to influence it.

As companies around the world struggle to adjust to the new COVID-19 driven reality, cyber criminals appear to be managing just fine – unfortunately global disasters such as this are commonly leveraged by syndicates who carry out all sorts of fraud and cyber attack, mostly utilizing social engineering.

It is therefore reasonable to assume that most companies were not prepared for the sudden, unexpected shift from working on-premise with secure perimeters and acceptable use policies to remote and vulnerable working habits.

Big transformations without proper planning and preparation bring additional security risk to organizations across all sectors. Earlier this year, OP Innovate’s Incident Response and Digital Forensics teams stood up against a wave of COVID-related phishing and whaling emails that flooded personal and corporate mailboxes with themed malicious content that sought to take advantage of the global situation and sow fear and confusion into their multitude of recipients.

But more interesting is how some of the fraudsters combined business email compromise (BEC) attacks with the “COVID confusion” to elevate their attacks to the next level, stuffing their pockets with millions of dollars in a single, well-orchestrated “sleight of hand”.

OP Innovate’s IR team was called in to deal with several phishing campaigns, some resulting in huge financial loss, while others yielded a secondary ransom demand and room for negotiation.

How it Played Out

An Accounts Payable staffer was lured to a spoofed Office 365 page by a malicious attachment in an email message received from a third-party supply chain vendor known to them.

To gain access to the document, the staffer willingly submitted their email address and corresponding password, opening the door to the attacker, who subsequently gained full access to the staffer’s mailbox. The attacker worked quickly to learn the organization’s financial approval procedures and, through a series of fake emails, managed to play the stakeholders against each other and succeeded in wiring several million US dollars to a fraudulent bank account.
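As an added example (not OP Innovate’s code and not part of the original post), the following Python triage script applies simple mail-gateway heuristics to the two indicators in the case above: a credential-harvesting page on a lookalike Office 365 host reached from a vendor email, and payment-redirection mail whose Reply-To domain differs from the sender’s. The allowlist of legitimate login hosts, the payment keyword list and the sample messages are constructed assumptions for illustration.

```python
"""Heuristic triage of inbound mail for the phishing-to-BEC pattern described
above. Constructed example for this page; the allowlist, keyword lists and
sample messages are assumptions, not data from any real incident."""

import difflib
import re
from urllib.parse import urlparse

# Hosts legitimately allowed to ask for Microsoft 365 credentials (assumed allowlist).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}

# Words that commonly accompany payment-redirection requests (assumed list).
PAYMENT_KEYWORDS = ("wire", "bank account", "invoice", "payment", "beneficiary", "swift", "iban")

# Brand tokens that a credential-harvesting host often embeds (assumed list).
BRAND_TOKENS = ("office365", "microsoft", "o365", "outlook")


def is_lookalike_login_host(host, threshold=0.8):
    """True when host is not allowlisted but closely resembles an allowlisted
    login host (edit-similarity) or merely embeds a brand token."""
    host = host.lower().rstrip(".")
    if host in LEGIT_LOGIN_HOSTS:
        return False
    for legit in LEGIT_LOGIN_HOSTS:
        if difflib.SequenceMatcher(None, host, legit).ratio() >= threshold:
            return True
    return any(token in host for token in BRAND_TOKENS)


def extract_hosts(text):
    """Return the lowercase hostnames of all http(s) URLs found in text."""
    hosts = []
    for url in re.findall(r"""https?://[^\s"'<>]+""", text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def triage(msg):
    """Return the list of heuristic findings for one message.
    msg keys: id, from_addr, subject, body, and optionally reply_to."""
    findings = []
    from_domain = msg["from_addr"].rsplit("@", 1)[-1].lower()
    reply_domain = (msg.get("reply_to") or msg["from_addr"]).rsplit("@", 1)[-1].lower()
    text = (msg["subject"] + "\n" + msg["body"]).lower()

    # Indicator 1: a link to a credential page on a lookalike login host.
    for host in extract_hosts(msg["body"]):
        if is_lookalike_login_host(host):
            findings.append("lookalike-login-host:" + host)

    # Indicator 2: replies are silently routed to a different domain.
    if reply_domain != from_domain:
        findings.append("reply-to-mismatch:" + from_domain + "->" + reply_domain)

    # Indicator 3: payment language, and in particular a change of bank details.
    if any(k in text for k in PAYMENT_KEYWORDS):
        findings.append("payment-language")
        if re.search(r"(new|updated|changed)\s+(bank|account|beneficiary|payment)", text):
            findings.append("bank-detail-change")
    return findings


def triage_all(messages):
    """Map each message id to its findings."""
    return {m["id"]: triage(m) for m in messages}


# Constructed sample messages (not real traffic).
SAMPLE_MESSAGES = [
    {
        "id": "vendor-phish",
        "from_addr": "accounts@trusted-vendor.example",
        "subject": "Shared document: Invoice 4471",
        "body": "Hi, please review the attached invoice: https://office365-docs-secure.example/view",
    },
    {
        "id": "bec-wire",
        "from_addr": "cfo@victim-corp.example",
        "reply_to": "cfo@victim-corp-mail.example",
        "subject": "Urgent wire - updated bank account",
        "body": "Please process payment to our updated bank details today.",
    },
    {
        "id": "benign-reset",
        "from_addr": "it@victim-corp.example",
        "subject": "Password reset",
        "body": "Sign in at https://login.microsoftonline.com/ to reset.",
    },
]

if __name__ == "__main__":
    for msg_id, found in triage_all(SAMPLE_MESSAGES).items():
        print(msg_id, found or "clean")
```

Each finding is only a triage signal; the value for the Accounts Payable workflow is that “bank-detail-change” combined with a Reply-To mismatch is exactly the combination that should force an out-of-band callback to the vendor before any wire is approved.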

A second case recently handled by OP Innovate resulted in a successful negotiation process with the attackers, in which the attackers returned the downloaded mail items, preventing massive PR damage for the customer and their partners.

Key Takeaways:

COVID-19 has turned many internal processes on their head. This doesn’t have to be the way. Even during this uncertain period, organizations should maintain alignment of their security controls. A decentralized workspace can mean a diffusion of security responsibility, but making an effort to raise staff awareness of the cyber security issues they have control over can have a strong effect on protecting the organization.

  1. Do not open mails from unknown or suspicious sources

  2. If opened – do not click on links contained within the suspicious emails

  3. If clicked – stay away from sites that are marked as “dangerous” by your browser

  4. If visited – do not insert your email address in order to access an attachment

  5. If you made it this far, you may have already given away your password as well. Give us a call at OP Innovate

shay@op-c.net
