Before COVID-19, pretty much everyone worked in an office so that’s where hackers aimed their phishing attacks. They used spear phishing and business email compromise (BEC) techniques to steal credentials and to steal money. And then something strange happened: everyone started working from home.

Once everyone started working remotely due to the coronavirus, that’s where the hackers went after them because remote workers are even more vulnerable working from home (WFH). COVID-19 themed emails targeting WFH employees with promises of face masks or investments in fake companies claiming to be developing vaccines were very common. And then something strange happened: employees started returning to the office.

You’ll never guess where the hackers are focusing their phishing attacks now: workers returning to the office. They get you coming and going.

In an article from TechRepublic, “Now that organizations in some parts of the world are trying to reopen, recent phishing attacks observed by the cyber threat intelligence provider Check Point Research are targeting employees returning to the office.”

What’s the theme of these latest phishing attacks? Employee COVID-19 testing. From the article, “Organizations welcoming back workers are enacting testing programs and workplace rules to guard against COVID-19 infections. To prepare employees, many companies are offering webinars and training videos to explain the new rules and requirements. Of course, cybercriminals are aware of this trend and are actively exploiting it. In phishing campaigns, attackers are deploying emails and malicious files masquerading as COVID-19 training materials. One particular email tries to trap the recipient into signing up for a phony employee training seminar. Clicking the link in the email actually leads the person to a malicious website designed to capture their Microsoft credentials.”

Work from home is here to stay, but so is work from the office. It’s not unexpected that most employees do a combination of both in the future. The so-called partially remote jobs may become the norm. Employees in the future will be mobile, which means the location where they receive their email will be mobile. And there’s only one way to effectively protect a mobile workforce from phishing emails: cloud-based email security.

With cloud-based email security, it doesn’t matter where the email recipient is located, nor does it matter what device they receive their email on. Cloud-based email security doesn’t protect a device or a location. It protects an email address, regardless of device or location.

Phish Protection is cloud-based email security that uses real-time link click analysis to protect against the most sophisticated phishing attacks. And the best part is, it works with all major email solutions, it sets up in 10 minutes and costs just pennies per user per month.

If your employees are going to be on the move, you need email security that goes where they go. Try Phish Protection for free for 60 days.