Hackers posing as HR sending lay-off emails to attack firms

Cybercriminals posing as HR staff are sending lay-off emails to employees during the pandemic, pushing malware onto their devices, accessing their data and entering their organisations’ networks once the attachments are opened, a new report revealed on Saturday.

The weakening of the economy during the pandemic in a number of countries has caused a wave of unemployment, and fraudsters did not miss this opportunity to strike via innovative phishing attacks.

Experts at cyber security firm Kaspersky encountered various emails that announced, for example, some amendments to the medical leave procedure, or surprised the recipient with the news of their dismissal.

“In some attachments, there was a Trojan-Downloader.MSOffice.SLoad.gen file. This Trojan is most often used for downloading and installing encryptors,” the firm said in a statement.

Phishing attacks are becoming increasingly targeted and now even use delivery notifications, according to Kaspersky’s new spam and phishing Q2 2020 report.

At the peak of the pandemic, organizations responsible for delivering letters and parcels were in a hurry to notify recipients of possible delays.

“These are the types of emails that fraudsters began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination,” the report said.

By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for innocent people’s credentials.

In Q2 (April-June quarter), phishers increasingly performed targeted attacks, focusing on small companies.

Another relatively original move used by fraudsters was a message containing a small image of a postal receipt.

The scammers expected that the intrigued recipient would take the attachment (which, although it contained ‘JPG’ in the name, was an executable archive) for the full version of the image and decide to open it.

The “Noon” spyware was found in mailings such as those examined by Kaspersky researchers.
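A mail filter can catch the mismatch described above by comparing what an attachment's name suggests with what its first bytes say. The following is an added example, not code from Kaspersky or the report; the file names and sample bytes are constructed, and an `MZ` header stands in for the "executable archive", whose exact format the report does not give.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of formats relevant to the lure described above.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "pe-executable",  # includes self-extracting archives
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
IMAGE_KINDS = {"jpeg", "png"}
# "jpg", "jpeg" or "png" as a separate token anywhere in the file name.
IMAGE_HINT = re.compile(r"(?i)(?<![a-z0-9])(jpe?g|png)(?![a-z0-9])")

def sniff(data: bytes) -> str:
    """Return the content kind implied by the leading bytes."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def disguised_attachments(raw: bytes) -> list[tuple[str, str]]:
    """List (filename, real kind) for attachments named like images that are not."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        kind = sniff(part.get_payload(decode=True) or b"")
        if IMAGE_HINT.search(name) and kind not in IMAGE_KINDS:
            hits.append((name, kind))
    return hits

def build_sample() -> bytes:
    """Constructed sample: a real JPEG header and a 'JPG'-named stub with MZ bytes."""
    m = EmailMessage()
    m.set_content("See attached receipt.")
    m.add_attachment(b"\xff\xd8\xff\xe0" + b"\0" * 16, maintype="image",
                     subtype="jpeg", filename="thumb.jpg")
    m.add_attachment(b"MZ" + b"\0" * 16, maintype="application",
                     subtype="octet-stream", filename="receipt_JPG.exe")
    return m.as_bytes()

if __name__ == "__main__":
    print(disguised_attachments(build_sample()))
```

Attachments whose name hints at an image but whose content is unrecognised are reported with kind `unknown`, so the result is a list for quarantine or review rather than a verdict.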

“While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks,” commented Tatyana Sidorina, security expert at Kaspersky.

Phishing is one of the oldest and most flexible types of social engineering attacks.

These attacks are used in many ways, and for different purposes, to lure unwary users to a site and trick them into entering personal information.

“In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised. This makes phishing a popular initial infection method,” the researchers noted.

Once a fraudster has gained access to an employee’s mailbox, they can use it to carry out further attacks on the company the employee works for, the rest of its staff, or even its contractors.