Cleverly disguised ‘job application’ email downloads malicious payload

Posted by Akankasha Dewan on 29 October 2018 14:54:36 AEDT

Don't be fooled if your receive an email masquerading as a job application. The email contains a fraudulent resume that can infect your computer.

Targeting HR professionals, the email comes from a large number of different compromised email accounts, with unique sender names and a variety of subject lines, making it difficult to spot. 

This is a large-scale run of scam emails, which MailGuard has been intercepting over the past week and a half.

The body of the email is simple, informing recipients that the sender is interested in applying for a job vacancy, or more specifically that they are ‘interested in a position.’ It also includes a password-protected resume and contains a password to access the resume.

Job application scam

Unsuspecting recipients who attempt to access the resume by entering the password end up initiating the download of a malicious payload.

resume payload

The large number of different sender names and different subject lines, makes this scam a challenge for anyone that is currently recruiting, or reviewing resumes.

Here are a few examples of the various subject lines cybercriminals have used for this email scam:

  • Application
  • Job Application
  • Regarding Job
  • Job
  • Hiring
  • Regarding position

What to look out for

Some tell-tale signs to look out for include:

  • The use of a password to trigger the download of the malicious payload. This makes it harder for email filtering services to access the payload directly. Hence, it is less likely that the email will be classified as a scam.
  • Recipients should also look for job application emails that are not specific about the nature of the desired role, simply stating that the applicant has attached their resume and is 'interested in a position.'

The above email scam is a great example of how cybercriminals can leverage routine business correspondence to trick unsuspecting recipients. Even if a potential victim doesn't recognise the sender details, they might conceivably download the file to satisfy their curiosity.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: email scam Cybersecurity cybercrime Malicious payload

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all