Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

unemployment phishing scamScammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing report for Q2 2020. The emails contain malicious attachments that purport to be receipts for two months’ salary.

“The employee was informed that the company had been forced to discharge them due to the pandemic-induced recession,” the researchers write. “The dismissal ‘followed the book,’ in that the attachment, according to the author of the email, contained a request form for two months’ worth of pay. Needless to say, the victim only found malware attached.”

There are at least two lessons here. First, fear and anxiety are powerful inducements to getting people to open malicious email. Second, consider the role organizational policy can play here. Do people expect to receive such important notices by email? They probably shouldn’t.

The researchers also observed a spike in voice phishing scams at the end of the quarter. These scammers sent emails posing as Microsoft directing recipients to call the Microsoft Support Team at the phone number supplied in the email.

“The share of voice phishing in email traffic rose noticeably at the end of Q2 2020,” they write. “One mailshot warned of a suspicious attempt at logging in to the target’s Microsoft account, originating in another country, and recommended that the target contact support by phone at the supplied number. This spared the scammers the need to create a large number of fake pages, as they tried to get all the information they needed over the phone.”

Scammers also took advantage of global shipping complications by sending fake notices of delivery delays. Kaspersky highlights one instance in which the scammers disguised a malicious attachment as an image file.

“Another, relatively original, trick employed by cybercriminals was a message containing a miniature image of a postal receipt,” they write. “The scammers expected the curious recipient to take the attachment, which was an ACE archive despite its name containing “jpg”, for the real thing and open it. The mailshots we detected used this as a method of spreading the Noon spyware. The scam can only be detected if the email client displays the full names of attachments.”

New-school security awareness training can enable your employees to make smarter security decisions by teaching them how to recognize these tactics.

Kaspersky has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews