    35,000 Workers Hit by Fake 'Code of Conduct' Phishing Attack
    Cybersecurity
    Important
    3 min read

    A massive phishing campaign used fake code of conduct emails to steal login credentials from 35,000 people in 26 countries. Here's what happened and how to protect yourself.

    Source

    GetCyberRight Intelligence

    Original headline: Code of Conduct Phishing Hits 35K Users

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Tuesday, May 5, 2026. 3 min read

    What Happened

    Between April 14 and 16, cybercriminals sent fake "code of conduct" emails to 35,000 workers across 26 countries and successfully stole their login credentials. Microsoft tracked the campaign, which went beyond simple password theft: the attackers also harvested the authentication tokens that a service issues once you have signed in, and those tokens let them into accounts without repeating the password or the two-factor step.

    The Details

    The scam worked like this: employees received official-looking emails about updating or reviewing their workplace code of conduct. These weren't random spam messages. The attackers used legitimate email services to make the messages look trustworthy and avoid spam filters.

    When victims clicked the link, they landed on convincing fake login pages designed to look like their company's real sign-in portal. Here is where this attack got especially dangerous. Instead of only recording passwords, the attackers captured authentication tokens. A token is the proof your browser holds after you have finished signing in, including any two-factor step. Whoever holds a valid token can use the account without knowing the password or having your phone, so two-factor authentication does not stop them: it was already satisfied when the token was issued.

    The campaign targeted thousands of people simultaneously, making it one of the larger credential theft operations security researchers have tracked this year. The attackers chose "code of conduct" as their lure because it sounds official, creates urgency, and seems like something every employee should review immediately.
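    To make the token point concrete, here is a small added example, written for this summary and not code from the article or from Microsoft's report, that simulates the sign-in flow in Python. The service, user, password, one-time code and device secret are all made up. The fake page relays the victim's password and code to the real service in real time, keeps the token the service hands back, and the attacker then uses that token from another machine. The second half shows a defense of the kind some identity providers now offer: binding the session to a secret that never leaves the enrolled device, so a replayed token from anywhere else is refused. The device secret is assumed to have been set up when the laptop was enrolled, not during the phished login.

```python
"""Demo: why a harvested session token defeats MFA, and how a device-bound
session stops the replay. Constructed example, not code from the article."""
import hashlib
import hmac
import secrets

# Constructed user record: the password and the one-time code the victim types.
USERS = {"alice": {"password": "correct-horse-example", "otp": "482913"}}

# Constructed device enrollment: a per-device secret the identity provider learned
# when the laptop was enrolled. Assumption of this demo: it is never sent in a
# login request, so a page sitting between victim and service never sees it.
ENROLLED_DEVICES = {"alice-laptop": secrets.token_bytes(32)}


class IdentityProvider:
    """Issues a session token after password + MFA. With bind_sessions=True the
    token is only honoured by a request that also proves possession of the
    enrolled device secret (a simplified device-bound-session check)."""

    def __init__(self, bind_sessions: bool):
        self.bind_sessions = bind_sessions
        self.sessions = {}  # token -> (user, device_id or None)

    def login(self, user, password, otp, device_id=None):
        record = USERS.get(user)
        if record is None:
            return None
        if not hmac.compare_digest(record["password"], password):
            return None
        if not hmac.compare_digest(record["otp"], otp):
            return None  # MFA failed
        token = secrets.token_urlsafe(24)
        self.sessions[token] = (user, device_id if self.bind_sessions else None)
        return token

    def challenge(self):
        # Fresh nonce per request so a captured proof cannot be replayed either.
        return secrets.token_bytes(16)

    def request(self, token, nonce=None, proof=None):
        """Return the account owner's name on success, or None."""
        session = self.sessions.get(token)
        if session is None:
            return None
        user, device_id = session
        if not self.bind_sessions:
            return user  # plain bearer token: whoever holds it is "alice"
        expected = hmac.new(ENROLLED_DEVICES[device_id], nonce, hashlib.sha256).digest()
        if proof is None or not hmac.compare_digest(expected, proof):
            return None  # token is valid but the caller cannot prove it is the enrolled device
        return user


def device_proof(device_id, nonce):
    """What the real laptop computes with its on-device secret."""
    return hmac.new(ENROLLED_DEVICES[device_id], nonce, hashlib.sha256).digest()


def aitm_phish(idp, password, otp, device_id):
    """The fake 'code of conduct' login page relays the victim's password and
    MFA code to the real service and keeps the token the service returns."""
    return idp.login("alice", password, otp, device_id=device_id)


def attacker_can_use_token(bind_sessions):
    idp = IdentityProvider(bind_sessions)
    stolen = aitm_phish(idp, "correct-horse-example", "482913", "alice-laptop")
    assert stolen is not None  # MFA was satisfied, so the theft succeeded
    # Attacker replays from their own machine: they hold the token, not the device secret.
    nonce = idp.challenge()
    return idp.request(stolen, nonce=nonce, proof=None) == "alice"


def victim_can_use_token(bind_sessions):
    idp = IdentityProvider(bind_sessions)
    token = idp.login("alice", "correct-horse-example", "482913", device_id="alice-laptop")
    nonce = idp.challenge()
    return idp.request(token, nonce=nonce, proof=device_proof("alice-laptop", nonce)) == "alice"


if __name__ == "__main__":
    print("bearer token, attacker replay works:", attacker_can_use_token(False))
    print("device-bound, attacker replay works:", attacker_can_use_token(True))
    print("device-bound, victim still works:   ", victim_can_use_token(True))
```

    The first run prints True: the token alone is enough, which is exactly the problem the article describes. With binding on, the same stolen token is refused because the attacker cannot answer the challenge, while the victim's own laptop keeps working.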

    Who Is Affected

    This attack primarily targeted working professionals who use corporate email and login systems. If you received any emails about code of conduct policies, compliance training, or HR updates during mid-April, you should be especially cautious.

    However, the tactics used here apply to anyone with online accounts. Scammers constantly adapt these methods for different audiences. Today it's a code of conduct email to workers. Tomorrow it could be a fake package delivery notice or a bank security alert sent to your personal email.

    What You Should Do Right Now

    1. Check your recent login activity. Most email and work platforms show you where and when your account was accessed. Look for locations or devices you don't recognize. Find this in your account settings under "Security" or "Recent Activity."

    2. Change your password immediately if you typed it into any page you reached from a code of conduct email during April. Use a strong, unique password you haven't used anywhere else. Changing the password alone does not always close sessions that are already open, which is why the next step matters.

    3. Sign out of all devices and sessions. Most platforms have a "sign out everywhere" option in security settings. This revokes the sessions the platform knows about, so any token the attackers captured stops working.

    4. Review your sent folder and trash for messages you didn't write. Compromised accounts are often used to send the same phishing email to your contacts.

    5. Report suspicious emails to your IT department before clicking anything. Forward the entire message, then delete it.
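    For readers who can download a sign-in log from their provider, or administrators reviewing one, here is an added Python example, not from the article, that applies the checks in steps 1 to 3 to a handful of made-up sign-in records. The log format, users, devices, IP addresses and country codes are constructed for the demo and are not any vendor's real format. It flags sign-ins from a device the user does not own, and a single session that shows up from two countries within a short window, which is what a replayed token looks like in a log.

```python
"""Review recent sign-in activity for signs of a stolen session.
Constructed example; the log format and every record below are invented."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: timestamp followed by key=value fields.
# Alice's session s1 appears from Germany and then, 28 minutes later, from
# Nigeria on an unknown Windows machine. Bob travels but uses separate sessions.
SIGN_IN_LOG = """\
2026-04-15T09:12:03Z user=alice session=s1 ip=203.0.113.5 country=DE device=alice-laptop
2026-04-15T09:40:51Z user=alice session=s1 ip=198.51.100.77 country=NG device=unknown-win
2026-04-15T11:02:10Z user=bob session=s2 ip=203.0.113.9 country=DE device=bob-laptop
2026-04-16T07:15:00Z user=bob session=s3 ip=192.0.2.44 country=US device=bob-phone
2026-04-16T07:30:00Z user=carol session=s4 ip=203.0.113.12 country=DE device=carol-laptop
"""

# Constructed list of devices each person actually owns.
KNOWN_DEVICES = {
    "alice": {"alice-laptop"},
    "bob": {"bob-laptop", "bob-phone"},
    "carol": {"carol-laptop"},
}


def parse_line(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    record = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def find_suspicious(log_text, known_devices, window=timedelta(hours=2)):
    """Return a list of (reason, user, session, detail) tuples."""
    findings = []
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]

    # Check 1: a device the account owner does not recognise.
    for event in events:
        if event["device"] not in known_devices.get(event["user"], set()):
            findings.append(("unknown_device", event["user"], event["session"], event["device"]))

    # Check 2: the same session used from two countries within a short window.
    # A real user cannot do that; a copied token used from another machine can.
    by_session = defaultdict(list)
    for event in events:
        by_session[event["session"]].append(event)
    for session, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        for earlier, later in zip(evs, evs[1:]):
            if earlier["country"] != later["country"] and later["ts"] - earlier["ts"] <= window:
                detail = f'{earlier["country"]}->{later["country"]}'
                findings.append(("session_replayed", earlier["user"], session, detail))
    return findings


def affected_users(findings):
    """Accounts that should change their password and sign out everywhere."""
    return {user for _, user, _, _ in findings}


if __name__ == "__main__":
    results = find_suspicious(SIGN_IN_LOG, KNOWN_DEVICES)
    for reason, user, session, detail in results:
        print(f"{reason:18} user={user} session={session} {detail}")
    print("act now:", sorted(affected_users(results)))
```

    Bob's two sign-ins from different countries are not flagged because they are separate sessions a day apart; only Alice's session, which was used from a second country on an unknown device within half an hour, is reported, and she is the one who should change her password and sign out everywhere.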

    The Bigger Picture

    Phishing attacks are getting harder to spot because criminals use legitimate services and convincing scenarios. They research their targets and craft messages that match real workplace communications. The shift from password theft to token harvesting shows that attackers have adapted to two-factor authentication rather than being stopped by it. Sign-in methods that cannot be relayed through a fake page, such as passkeys or hardware security keys, are the strongest protection against this kind of theft. Staying informed about current scam tactics isn't just smart anymore. It's essential protection for your digital life and your family's security.

    How GetCyberRight Can Help

    Before you click that urgent email link, run it through GCR Scam Guard. Our tool analyzes suspicious emails and links to detect phishing attempts before you accidentally give away your credentials. It's like having a cybersecurity expert check every questionable message. Scam Guard catches the red flags that even careful people miss, giving you confidence about which messages are safe and which ones are designed to steal from you.


    Curated from trusted cybersecurity sources by GetCyberRight
