The move to home working provided new opportunities for phisherfolk, but as many people start to return to their offices the attackers are pivoting to exploit that too.

A new report from email phishing protection specialist INKY shows attacks are capitalizing on vulnerability and the desire for accurate information about returning to the office in-person.

A common tactic is to use emails that appear to come from the HR department, supposedly asking employees to take a survey about their willingness to get a COVID-19 vaccination. Other lures include messages seemingly from CEOs about compliance requests or rule changes.