{"id":529,"date":"2020-06-05T17:50:18","date_gmt":"2020-06-05T15:50:18","guid":{"rendered":"https:\/\/tekmart.co.za\/t-blog\/?p=529"},"modified":"2020-06-05T17:50:19","modified_gmt":"2020-06-05T15:50:19","slug":"coronavirus-cyber-criminals-target-laid-off-workers","status":"publish","type":"post","link":"https:\/\/tekmart.co.za\/t-blog\/coronavirus-cyber-criminals-target-laid-off-workers\/","title":{"rendered":"Coronavirus: Cyber criminals target laid-off workers"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>\n<h1 class=\"wp-block-heading\"><strong>Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic<\/strong><\/h1>\n\n\n\n<p>By<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\"><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-2018.jpg\" alt=\"\"\/><\/a><\/figure>\n\n\n\n<p><strong>Alex Scroxton<\/strong><\/p>\n\n\n\n<p><strong>Security Editor -TechTarget &#8211;<a href=\"https:\/\/www.computerweekly.com\">ComputerWeekly.com<\/a><\/strong><\/p>\n\n\n\n<p>Malicious Microsoft Excel files masquerading as CV attachments sent under the subject lines \u201capplying for a job\u201d or \u201cregarding job\u201d are luring victims left out-of-work thanks to the Covid-19 coronavirus pandemic into giving up valuable banking credentials, according to new research released today by Check Point.<\/p>\n\n\n\n<p>When opened, the files prompt their target to \u201cenable content\u201d, which when clicked actually downloads the dangerous <strong>ZLoader<\/strong> banking malware, which steals passwords and other private information from users, including browsing cookies. Armed with this information, cyber criminals can connect into the victim\u2019s system and make illicit financial transfers from the victim\u2019s legitimate device.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cAs unemployment rises, cyber criminals are hard at work. They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret,\u201d said Check Point manager of data intelligence, Omer Dembinksy.<\/p><\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<p>Check Point said it has observed the number of malicious files masquerading as a CV doubling in the past two months around the world as millions of workers lose their jobs as governments shutter their economies in national lockdowns. The problem is particularly acute in the US, where dysfunctional governance and a lack of social security protections has seen 40 million file for unemployment since March, about a quarter of the working population.<\/p>\n\n\n\n<p>It added that a statistically-notable number of malicious phishing scams were now exploiting various Covid-19 layoffs and renumeration schemes. Check Point\u2019s team also found that 7% of domains registered in May containing the world \u201cemployment\u201d are malicious, and another 9% suspicious.<\/p>\n\n\n\n<p>In addition to the threat from ZLoader, Check Point researchers also observed an uptick in activity around the IcedID banking malware family \u2013 this strain targets banks, payment card providers, mobile services providers and online retailers, and tricks users into submitting their logon credentials on a fake page, to be sent to the attacker\u2019s server alongside other authorisation details that can be used to compromise user accounts.<\/p>\n\n\n\n<p>The IcedID threat currently seems to be exploiting medical leave forms, said Check Point, using filenames such as \u201cCOVID-19 FLMA CENTER.doc\u201d sent via email with the subject line \u201cThe following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)\u201d.<\/p>\n\n\n\n<p>The emails originate from a number of different sender domains, such as \u201cmedical-center.space\u201d in order to lure targets into opening the malicious attachments.<\/p>\n\n\n\n<p>Users can follow a number of steps in order to minimise their chances of falling victim to this sort of scam. It is important to remember to keep a look out for lookalike domains, watching for spelling errors in the names of official looking websites or emails; to be cautious with any file received via email that is not expected or does not come from a sender known to you; to use authentic, official sources to shop online, and never click on promotional links in emails; to be suspicious of any special offers, particularly coronavirus-related ones; and to follow basic principles around password hygiene and management, and never using duplicate passwords.<\/p>\n\n\n\n<p>However, there were some signs that cyber criminal activity exploiting the pandemic was tailing off a little. In May, Check Point said it had witnessed an average of 158,000 coronavirus-related attacks every week \u2013 this was a 7% decrease when compared to April, when the outbreak peaked in many countries.<\/p>\n\n\n\n<p>Last month, it saw 10,704 new coronavirus-related domains registered, 2.5% of them malicious and 16% suspicious.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time-approximately:<\/span> <span class=\"rt-time\"> 3<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span>Malicious actors are targeting workers laid-off or furloughed during the coronavirus pandemic By Alex Scroxton Security Editor -TechTarget &#8211;ComputerWeekly.com Malicious Microsoft Excel files masquerading as CV attachments sent under the subject lines \u201capplying for a job\u201d or \u201cregarding job\u201d are luring victims left out-of-work thanks to the Covid-19 coronavirus pandemic into giving up valuable banking credentials, according to new research<\/p>\n<p><a class=\"more-link\" href=\"https:\/\/tekmart.co.za\/t-blog\/coronavirus-cyber-criminals-target-laid-off-workers\/\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,4,54,3],"tags":[],"class_list":["post-529","post","type-post","status-publish","format-standard","hentry","category-covid-19-global-responses","category-datacenter-news","category-hackers-and-cybercrime-prevention","category-industry-news-and-expert-advise"],"_links":{"self":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/comments?post=529"}],"version-history":[{"count":1,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/529\/revisions"}],"predecessor-version":[{"id":530,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/posts\/529\/revisions\/530"}],"wp:attachment":[{"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/media?parent=529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/categories?post=529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tekmart.co.za\/t-blog\/wp-json\/wp\/v2\/tags?post=529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}