Real World Risk Management Practical HR Resources
Are you a new user?

print   email   Share

Watch Out For Phishing Emails Claiming Layoffs And Other COVID-Related Topics

Cybersecurity experts discovered a new malware attack in which cybercriminals are posing as human resources staff.

Some of the phishing emails claimed to contain "amendments to the medical leave procedure" for employees. Others inform the employee that he or she "is being laid off".

When the employee opens the attachment contained in the email, the victim's device is infected with malware. The cybercriminals can then access their victim's data as well as the organization's network.

Some attachments contain a Trojan-Downloader.MSOffice.SLoad.gen file that allows cybercriminals to download and install encryptors.

Phishing attacks have become more targeted recently, focusing on small organizations. "Hackers Are Posing as HR & Sending Lay-Off Mails to Push Malware" (Aug. 22, 2020).


Now is the time to use extra caution when receiving an unexpected email that contains a link or attachment, especially if it seems related to COVID-19.

Cybercriminals often take advantage of emotions—particularly fear or excitement—and use curiosity surrounding current events to trap their victims. Therefore, concerns surrounding the pandemic offer ideal fodder for phishing scams.

Other coronavirus-related scams include one in which cybercriminals send emails with the “COVID-19 Cure” card as an attachment, which contains malware.

Another common scam involves emails spoofing parcel services informing recipients that their package has been delayed and they need to open an attachment to learn where they can pick it up. Other emails contain a small image of a postal receipt that victims click on to see a larger format. In either case, their devices are infected with malware when they open the attachment.

Watch out for these and other topical phishing scams, and never click on a link or attachment unless you are expecting it and are certain of what it contains.

Finally, your opinion is important to us. Please complete the opinion survey:

Spotify Breach: It's Time To Go To A Password Manager

Changing passwords, associated passwords, and logging out everywhere are important steps for cybersecurity. We examine.

read more

Identifying Employee Personality Typing May Help Blunt Cybercrime

New research finds that personality type may determine an employee's strengths and weaknesses as it relates to cyber threats. We examine.

read more

Bad State Actors And Criminals Are Focusing On Updates After SolarWinds Hack

Cybercriminals often hack organizations or spoof software updates to spread malware. We examine.

read more

Knowing Internal Online Habits Helps Limit The Risk Of Cloud-Based Malware Attacks

McAfee's second quarter report reveals a significant rise in malware attacks, particularly in cloud-based user accounts. We examine.

read more