Trojan malware attacks are resurfacing since businesses are starting to return to work embracing a new normal in a post-COVID-19 world. Organizations have started to resume their hiring practices by posting job opportunities on their website, across job boards, and on LinkedIn to reach as many potential candidates as possible.

Some of these businesses are streamlining their hiring process by requesting that resumes are directly emailed to their HR department. Streamlining this process is creating new exposures in cybersecurity due to a cybercriminal’s ability to socially engineer the situation. 

 

 

Cybercriminals are sending emails with attachments posing as resumes to HR departments. The premise of these attacks is a modern-day Trojan Horse.  A threat posing as a harmless gift. Trojan malware is not a new cyberattack, but it is one of the most unsuspecting. 

If your HR Department fields dozens of resumes a day, there is a significant chance that one of the resumes they open could contain malware. If the file does contain malware, your organization could be allowing keylogging software or ransomware onto your server to attack unencrypted files. 

Without the HR department’s knowledge, a cybercriminal can attach a malicious file to an email that mirrors any other job seekers’ resume. The cyberattack can download ransomware or keylogging software onto the HR department’s computer or infect the entire network. 

 

Ways to Avoid A Potential Trojan Malware In Your inbox.

 

  1. Avoid Resumes sent as Word documents. Have job candidates submit their resumes as plain text within an email or as a PDF. Word Documents are the 2nd most likely file type to contain malware. ZIP and program files are the most likely. 
  2. Do not click social media links embedded into the email. If an applicant shares a link to their social media accounts, don’t click the link. Type out the full URL to ensure the social media account exists. Or search the social media website for the user name your applicant has given you.
  3. Use a recruiter. Working with a trusted recruiter is one way to reduce the number of random emails with attachments that end up in your HR department’s inbox. A trusted recruiter will share only the resumes that are the best fit for your organization.
  4. Have resumes submitted as plain text files instead of as an attachment. If you’re using a web form, have applicants upload their resume as plain text right into a response box instead of having applicants attach a document to an email or upload a document.
  5. Have applicants fax or mail their resumes. Paper wins against malware every time. Submitting a resume through Fax or the regular mail, this ensures there is no way that the submitted resume can contain malware.

These are a few ways to negate the risk of Trojan malware attacking your organization. For more information on how to protect your organization from cyber risks Contact a Risk Advisor at 914-357-8444.

Source Article: Hackers  Targeting Employers- Forbes