Be aware: There’s a new kind of malware computer attack targeting HR professionals.
Ransomware, a form of malware that blocks access to computer files until a ransom is paid, is arriving in HR pros’ inboxes dressed as job applications, according to the research team at Check Point Software Technologies Inc., a provider of IT security products.
Here’s what Check Point says to be on the lookout for.
The ransomware attack usually begins with a brief email from someone posing to be a job applicant that contains two attachments:
- The first is a PDF file containing a cover letter, which has no malicious content. Check Point says its primary intent is to “lull the victim into a false sense of security.”
- The second is an Excel file that contains malicious content. When opened, it’ll ask the victim to enable macros to run.
If the victim enables macros to run, files on the victim’s computer will then begin to be encrypted. This will render the victim unable to access any of their files unless a ransom of approximately $1,000 is paid to an untraceable recipient online.
So far, the attackers appear to be targeting German-speaking victims, but their focus could shift to English-speaking operations.
So how can HR pros protect themselves, as well as their companies’ data:
- Ask IT for some tips on how to identify and separate malicious content from safe content.
- If anything suspicious comes into your inbox, talk to an IT professional before opening it.
- Don’t enable macros on Microsoft Office documents.
- Upload any attachments from untrusted sources to a cloud-based server, like Google Docs. This will allow you to open the files online, rather than on your computer. This tends to be safer than opening files directly on your computer.
- Make sure you’ve got the latest version of your operating system, and that your anti-virus/anti-malware software is up to date.