Malware being sent in job applications, spear phishing aimed at HR

The Internet Crime Complaint Center (IC3) is reporting that businesses have received Bredolab variants in email attachments masquerading as job applications.

“Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online,” IC3 said in a news release.

They also said: “The FBI recommends that potential employers remain vigilant in opening the e-mails of perspective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.”

It’s called “spear phishing” – malicious code sent specifically to someone in a company who would be expecting that type of email (job applications in attachments in this case.)

One giveaway that you received something like this would be an email attachment with an “.exe” extension when you would be expecting something with a document format.

Tom Kelchner is Research Center Manager at Sunbelt Software. Tom is a communications professional with extensive background in computer security, anti-virus application testing and computer virus analysis. He is a former daily newspaper reporter and deputy press secretary to governor of Pennsylvania.