Scammers are exploiting Covid-19 crisis by emailing malware-loaded CVs
Nothing is off-limits to scammers, even taking advantage of the Covid-19 pandemic. According to a recent report, cybercriminals are using fake CVs and medical-leave forms to spread banking Trojans and information-stealing malware.
The temporary closure of businesses has seen more than 40 million Americans file for first-time unemployment benefits since March, and although the unemployment rate is now falling from its peak, it remains at 13.3 percent.
Researchers at Check Point have found that bad actors are taking advantage of the situation. The firm writes that CV-themed campaigns have doubled in the last two months, with 1 out of every 450 malicious files being a CV scam.
One of the campaigns uses the Zloader malware to steal victims’ credentials and other details. It’s hidden in malicious .xls files attached to emails, with subject lines such as “applying for a job” and “regarding a job.” If someone does open one of these files, they’re asked to “enable content,” at which point a malicious macro will start running and download the final payload.
Another email campaign takes advantage of the number of employees requesting Covid-19-related medical leave. These have subject lines such as “The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA),” and come from sender domains that include “medical-center.space.” They contain the Icedid malware, another banking Trojan.
With so many businesses closing during the lockdown, coronavirus-related cyber attacks fell 7 percent in May compared to April, but the reopening of firms has seen overall cyberattacks jump 16 percent. There have also been 2,000 malicious or suspicious new coronavirus-related domains registered in the last four weeks.
Readers of this site will know never to open a suspicious email attachment, but many office workers forget their basic IT security training, putting their firm and sometimes themselves at risk.
This isn’t the first example of people exploiting Covid-19 fears. Back in February, when there were only a handful of cases outside of Asia, South Korea was hit with a deluge of scam text messages (smishing) that used false information about the virus.
