Home office workers are often the weakest link in the chain of defense. Companies should therefore make their employees aware that cyber criminals are sending fake emails (phishing emails) on behalf of the company. Employees should be lured into traps, as Kaspersky was able to observe.
Corona has severely affected the economy in many countries, including Germany; many companies introduced short-time working, laid off employees or adjusted existing regulations on vacation, illness or parental leave.
Cyber criminals around the world are taking advantage of this fact and are spreading phishing emails aimed at them, as current Kaspersky investigations of the second quarter show: Kaspersky experts have come across various emails that were sent on behalf of the human resources department of companies in order to steal data. Some of them announced supposed changes in terms of sick leave and parental leave; Others informed the recipient of his dismissal and offered in the appendix an alleged application for two months of continued payment of the salary.
Fake emails to employees in the home office
Some of the attachments to these e-mails contained a Trojan, more precisely: a Trojan-Downloader.MSOffice.SLoad.gen file. It is often used to download and install encryption malware.
Kaspersky experts were able to identify spam and phishing emails with fake job offers that supposedly came from large companies. If the victim opened it, a banking Trojan was downloaded to steal money.
Due to increasing unemployment and the associated increased job search online, users should pay particular attention, warns Dmitry Bestuzhev, director of the global research and analysis team at Kaspersky Latin America:
“Due to COVID-19, job searches and interviews are currently almost 100 percent online. While this is beneficial for both companies looking to fill vacancies and those looking for employment, cyber criminals take advantage of users' desperation and negligence to trick them with attractive but fraudulent job offers. However, with appropriate precautions for the internet security of applicants and employers, recruiting processes can still be handled securely. "
Kaspersky tips for more protection in the home office
- Carefully check the sender address, website address and links for unexpected and unknown messages to ensure that the source is really a legitimate source.
- Pay attention to the text: Well-known companies do not send e-mails with unprofessional formatting or poor grammar.
- Do not open attachments or click on links in emails carelessly, especially if the sender insists on them.
- In addition, you should generally pay attention to what personal data, such as email address or telephone number, is disclosed on online platforms. This is how cybercriminals get to user data in order to misuse it for spam and phishing.
- Use a reliable security solution, such as Kaspersky Security Cloud, that can identify malicious attachments and block phishing sites.
More on this at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/