Scammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing report for Q2 2020. The emails contain malicious attachments that purport to be receipts for two months’ salary.
“The employee was informed that the company had been forced to discharge them due to the pandemic-induced recession,” the researchers write. “The dismissal ‘followed the book,’ in that the attachment, according to the author of the email, contained a request form for two months’ worth of pay. Needless to say, the victim only found malware attached.”
There are at least two lessons here. First, fear and anxiety are powerful inducements for getting people to open malicious email. Second, consider the role organizational policy can play here. Do people expect to receive such important notices by email? They probably shouldn’t.
The researchers also observed a spike in voice phishing scams at the end of the quarter. The scammers sent emails that posed as Microsoft and directed recipients to call the Microsoft Support Team at the phone number supplied in the email.
“The share of voice phishing in email traffic rose noticeably at the end of Q2 2020,” they write. “One mailshot warned of a suspicious attempt at logging in to the target’s Microsoft account, originating in another country, and recommended that the target contact support by phone at the supplied number. This spared the scammers the need to create a large number of fake pages, as they tried to get all the information they needed over the phone.”
Scammers also took advantage of global shipping complications by sending fake notices of delivery delays. Kaspersky highlights one instance in which the scammers disguised a malicious attachment as an image file.
“Another, relatively original, trick employed by cybercriminals was a message containing a miniature image of a postal receipt,” they write. “The scammers expected the curious recipient to take the attachment, which was an ACE archive despite its name containing ‘jpg’, for the real thing and open it. The mailshots we detected used this as a method of spreading the Noon spyware. The scam can only be detected if the email client displays the full names of attachments.”
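A mail gateway or triage script can catch this mismatch without relying on what the email client displays, by comparing the image type an attachment's name suggests with the file's magic bytes. The sketch below is an added example, not code from Kaspersky's report; the message, the filenames and the helper names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Image type hinted at anywhere in the attachment name (not only the extension).
IMAGE_TOKENS = re.compile(r"(jpe?g|png|gif)", re.I)

def sniff(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the filename."""
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[7:14] == b"**ACE**":      # ACE signature sits at offset 7
        return "ace"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:6] == b"Rar!\x1a\x07":
        return "rar"
    return "unknown"

def suspicious_attachments(raw: bytes):
    """Return (filename, claimed_type, actual_type) for each mismatch."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        kind = sniff(part.get_payload(decode=True) or b"")
        m = IMAGE_TOKENS.search(name)
        claimed = m.group(1).lower().replace("jpg", "jpeg") if m else None
        if claimed and kind != claimed:
            findings.append((name, claimed, kind))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one disguised ACE archive, one real JPEG."""
    msg = EmailMessage()
    msg["Subject"] = "Delivery delayed"
    msg["From"], msg["To"] = "courier@example.com", "user@example.com"
    msg.set_content("Your receipt is attached.")
    ace = b"\x00" * 7 + b"**ACE**" + b"\x00" * 16   # header stub only
    msg.add_attachment(ace, maintype="application",
                       subtype="octet-stream", filename="receipt_jpg.ace")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="logo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in suspicious_attachments(build_sample()):
        print("name suggests %s but content is %s: %s" % (finding[1], finding[2], finding[0]))
```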
New-school security awareness training can enable your employees to make smarter security decisions by teaching them how to recognize these tactics.
Kaspersky has the story.