MailGuard have identified and successfully blocked an email scam outbreak containing malware appearing to be from a genuine job applicant seeking employment.
These scams typically prove successful by preying on victims in the HR industry that are likely to skim emails and quickly click attachments, and companies that have recently posted to job boards and are expecting a flood of applicants.
Here is a screenshot of the type of email to watch out for:
In this example, the email originates from a sender named, ‘Christy Rauscher’ and features a seemingly trustworthy email subject. Considering the subject of the email eludes to the body containing an attachment, the .doc attachment doesn’t appear suspicious to the untrained eye.
The sender reinforces that the recipient will find exactly what they’re looking for in a future employee by downloading the attached resume.
The .doc itself is actually a .docm that has been renamed to bypass content scanners. The attachment includes a malicious Word macro that attempts to download Trojan malware from a remote location.
The result of executing this type of malware can cripple a corporate network, leaving it vulnerable to financial, reputational and technological damage allowing criminals access to your network
Warning signs to help identify this email as a scam:
- Whilst it isn’t unusual to receive a job application in poor written English, the body of this email includes a number of uncommon phrases and a host of grammatical errors. Namely, ‘cordially yours’, ‘found it very inviting’ and ‘find me very fitting in your business’.
- A genuine job applicant more often than not will take the time to either address the recipient directly, or reference the company name. This sender does neither.
As a precaution, we urge you not to click links within emails that:
- Are not addressed to you by name or are written in poor English
- Are from businesses/individuals you were not expecting to hear from or that you aren’t 100% positive are from a trusted source
- Ask you to download any files, namely with an .exe file extension, or in this circumstance a forged .doc file extension.
There are many key identifiers for an email recipient to check when assessing if an email is a fraudulent one. To find out more, take a look at our warning guide, Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.
At the time MailGuard discovered this new variant, 80% of common AV vendors were not detecting the malicious exploit within this file.
Uneducated users relying on traditional antivirus vendors that aren’t detecting this exploit are subsequently exposed to infiltration if they download the attached file.
Educating staff and employing cloud-based email filtering and web filtering, complimented by multilayered defences including desktop antivirus, anti-malware and anti-spyware will go a long way to mitigating the risk from a wide range of email and web borne malware attacks.
Keep up to date with email scams affecting your business by subscribing to MailGuard’s weekly update.