The unemployment ratio around the globe has skyrocketed amid the COVID-19 crisis, painting a somber picture of what can be termed “The Great Economic Depression 2.0”. As per CNBC’s report, the unemployment rate in the U.S. alone is expected to reach around 20%. With 20.5 million jobs already lost in April, economists estimate another 8.33 million job cuts in May. Cybercriminals are using this opportunity to lure this already vulnerable group of unemployed people into fake CV phishing scams.
The Fake CV Phishing Scam
Researchers at Check Point, a cybersecurity service provider, have discovered that in May 2020 nearly 250 new domains containing the word “employment” were registered. Of these, 7% were found to be malicious and 9% were considered suspicious. They also observed that the ratio doubled over the past two months, with 1 out of every 450 malicious files being a fake CV phishing scam.
The cybercriminals lured potential victims into opening the malicious .xls attachments in two ways: first, by naming the files after a person, which suggested that the file was that person’s CV, and second, by using phishing email subject lines such as “applying for a job” or “regarding job.” Victims were then asked to grant the “enable content” permission, which ran the malicious macro that downloaded the final payload, such as malware, a trojan or ransomware.
The U.K. and Romanian Version
Check Point researchers also found another version of a similar campaign running in the U.K. and Romania.
However, these emails had a different subject line and a different file format for the malicious attachment. The subject line read “CV from China,” and the email contained an ISO format file (CV.iso). On opening this .iso file, a malicious .exe file (CV.exe) would run, installing info-stealing malware on the victim’s system.
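The following Python example, added here and not taken from Check Point's research, triages mail against the lure traits described in both campaigns: the reported subject lines, an .xls attachment named like a person, and .iso or .exe attachments. The function names, the name-matching regex and the verdict labels are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath

# Subject lines reported in the article, compared case-insensitively.
LURE_SUBJECTS = ("applying for a job", "regarding job", "cv from china")
# Assumed heuristic: two or three alphabetic tokens, e.g. "Jane Doe" or "john_smith".
NAME_LIKE = re.compile(r"^[A-Za-z]+(?:[ _.-][A-Za-z]+){1,2}$")

def triage(msg):
    """Return the reasons a message matches the fake-CV lure pattern."""
    reasons = []
    subject = (msg.get("Subject") or "").lower()
    if any(s in subject for s in LURE_SUBJECTS):
        reasons.append("lure-subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        path = PurePosixPath(name.replace("\\", "/"))
        ext, stem = path.suffix.lower(), path.stem
        if ext == ".xls" and NAME_LIKE.match(stem):
            reasons.append("xls-named-like-person:" + name)
        elif ext == ".iso":
            reasons.append("disk-image-attachment:" + name)
        elif ext == ".exe":
            reasons.append("executable-attachment:" + name)
    return reasons

def verdict(msg):
    """Quarantine when a lure subject and a risky attachment coincide."""
    reasons = triage(msg)
    risky_file = any(r != "lure-subject" for r in reasons)
    if "lure-subject" in reasons and risky_file:
        return "quarantine"
    return "review" if reasons else "deliver"

def make(subject, filename=None):
    """Build a constructed sample message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please find my CV attached.")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m

if __name__ == "__main__":
    for subj, fname in [("Applying for a job", "Jane Doe.xls"),
                        ("CV from China", "CV.iso"),
                        ("Q2 budget", "budget_2020.xls")]:
        print(subj, "->", verdict(make(subj, fname)))
```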
With nations coming out of lockdown and businesses gradually coming back to life, economists expect to see a dip in the unemployment ratio from June onwards, while cybersecurity experts hope to see a subsequent dip in fake CV phishing scams.