Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Thursday, 9 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cleverly Disguised ‘Job Application’ Email Delivers Malicious Payload.

by The Gurus
October 29, 2018
in News
Image of a fake cv
Share on FacebookShare on Twitter

Don’t be fooled if you receive an email masquerading as a job application. The email contains a fraudulent resume that can infect your computer.

Targeting HR professionals, the email comes from a large number of different compromised email accounts, with unique sender names and a variety of subject lines, making it difficult to spot.

This is a large-scale run of scam emails, which MailGuard has been intercepting over the past week and a half.

The body of the emails is simple, informing recipients that the sender is interested in applying for a job vacancy, or more specifically that they are ‘interested in a position.’ The email also includes a password-protected resume and contains a password to access the resume.

Unsuspecting recipients who attempt to access the resume by entering the password end up initiating the download of a malicious payload.

The large number of different sender names and different subject lines, makes this scam a challenge for anyone that is currently recruiting, or reviewing resumes. Here are a few examples of the various subject lines cybercriminals have used for this email scam:

Application
Job Application
Regarding Job
Job
Hiring
Regarding position
What to look out for

Some tell-tale signs to look out for include:

The use of a password to trigger the download of the malicious payload. This makes it harder for email filtering services to access the payload directly. Hence, it is less likely that the email will be classified as a scam.

Recipients should also look for job application emails that are not specific about the nature of the desired role, simply stating that the applicant has attached their resume and is ‘interested in a position.’

The above email scam is a great example of how cybercriminals can leverage routine business correspondence to trick unsuspecting recipients. Even if a potential victim doesn’t recognise the sender details, they might conceivably download the file to satisfy their curiosity.

Commenting on the scam, Craig McDonald, CEO & Founder of MailGuard, an Australian cybersecurity firm said;

“This is a very subtle, and insidious email scam. I sympathise with HR professionals who are trying to sift through resumes, hoping not to download something malicious.”

“Embedding the download of malware files in a password-protected .doc is nothing new, but disguising those files as resumes makes them very hard to detect. Cybercriminals are proving to be more persistent, more cunning and better organised than ever before.”

“Targeted HR professionals, this email scam reminds us of the importance of being cyber aware regardless of our professional backgrounds and interests. Anyone can be a target of cybercrime anywhere.”

[tpr-boilerplate company=’null’]

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Neustar Acquires Verisign’s Security Services Customer Contracts.

Next Post

People Have Lost Control Of Their Personal Data, Warns Kaspersky Lab.

Recent News

Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato SASE Cloud Named “Leader” and “Outperformer” in GigaOm Radar Report for SD-WAN

February 7, 2023
AT&T Cybersecurity grows SASE offering by adding Palo Alto Networks

UK second most targeted nation behind America for Ransomware

February 7, 2023
safe

Will Emphasising App Security Lead to More App Installs?

February 6, 2023
Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information