Given that over 40 million Americans filed for unemployment in the last two months, they are likely a fair number of resumes being emailed around.
For those people who have been affected by the virus, many of them likely had to fill out medical leave forms.
So how can a hacker take advantage of this wonder opportunity (for them)?
They can create fake resumes and fake medical leave forms and insert a malicious payload in those forms. Then all they have to do is create a phishing campaign to get people to open those infected resumes and medical leave forms and voila, you’ve been owned.
Security vendor Checkpoint says that they have seen an increase in resume related malicious files – double in the last two months.
Once opened, the malware steals credentials and other private information. Given that the unemployment situation is going to be with us for a while, it is likely that these campaigns will continue and morph.
Some of the efforts should have obvious clues like asking employees to enable macros in a resume, but people who are busy and stressed might do that.
In addition, more sophisticated campaigns might use other techniques that are less obvious.
Besides general cyber hygiene – companies should be on high alert for attacks right now – here are some recommendations from Checkpoint:
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
- Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
- Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, search for your desired retailer and click the link from the results page.
- Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.
- Make sure you do not reuse passwords between different applications and accounts.
While these attacks will eventually fade away, that probably won’t happen until unemployment goes down significantly and that might not happen this year.
In the meantime, employees need to be alert. Credit: Checkpoint