The coronavirus has severely affected the economy in many countries worldwide. Many companies have implemented short-term work, laid off employees, or adapted existing leave, sickness, or parental leave regulations.
Digital criminals worldwide exploit this fact and distribute “phishing emails”, as recent Kaspersky research show in the second quarter of 2020.
Kaspersky experts have come across several emails sent on behalf of corporate HR departments to steal data; some of them announced alleged changes regarding sick and parental leave; others informed the recipient of his dismissal and offered an attached file with an alleged application for a two-month continuous salary payment.
Some of the attachments in these emails contained Trojan, in particular the Trojan “Downloader.MSOffice.SLoad.gen” file. This file is often used to download and install malicious encryption software.
Digital criminals also targeting jobseekers
Kaspersky experts have previously identified “spam” and “phishing emails” with fake job offers that were supposedly sent by large companies. When the victim opened them, a bank Trojan aimed at stealing money was downloaded.
With rising unemployment and the consequent increase in job searches on the internet, users should be especially careful, said Dmitry Bestuzhev, Director of the Global Research and Analysis Group for Kaspersky Latin America:
“Due to COVID-19, job search and job interviews were transferred almost 100% online. While this is beneficial for companies looking to fill vacancies and for jobseekers, digital criminals exploit users’ desperation and carelessness to deceive them with attractive but fraudulent job offers. However, with the right internet security precautions from applicants and employers, hiring processes can continue to be handled safely.”
Kaspersky’s recommendations for better protection:
- Check the sender’s address, website address, and unexpected and unknown message links to make sure they are legitimate sources.
- Pay attention to the text: Well-known companies don’t send emails with non-professional formatting, or poor grammar.
- Do not open attachments or carelessly “click” on “links” in “email”, especially if the sender insists.
- In general, pay attention to what personal data -such as “email”, or phone number- is disclosed on online platforms. This is how digital criminals store user data to use to send “spam” and “phishing”.
- Use a reliable security solution, such as “Kaspersky Security Cloud”, that can detect malicious attachments and block “phishing” sites.