You recently engaged a contract HR recruiter to work onsite helping with increased hiring. The contractor is reviewing hundreds of job applications for several new job postings. Not surprisingly, many of the job applications have a PDF resume attached. The contract recruiter clicks on one of the attached resumes and enables the associated macro to run. Suddenly, the recruiter gets a screen notifying him that unless a ransom is paid, the victim will not be able to access their files. Not the best way to start off the week for HR, IT, or security employees.

Clicking on what appeared to be a routine, innocuous attachment, the contract recruiter unsuspectingly downloads ransomware, at which point the recruiter is directed to make a payment of approximately $1,000 (or 1.3 Bitcoins) using an untraceable payment method in a Dark Web portal. The brazen malware operators even offer tech support in case the victim has issues making the payment. Without the payment, the victim is precluded from accessing their files. This recent scam started with German companies, but may soon be coming to a company near you.

What can you do to avoid a similar tale of woe?

  • First, don’t run scripts from emails outside your company. Don’t enable any macros.
  • Second, open outside documents using a cloud service, such as GoogleDocs.

More and more companies are turning to “phishing simulation training,” which sends employees simulated fraudulent messages so they learn to recognize real ones such as these. However, more employers are using temps and contract employees to augment their regular workforce when lots of hiring needs to occur quickly. Unfortunately, contract employees may not receive cybersecurity training before being assigned to a company.

With tax season upon us, HR should be extra vigilant and should expect new phishing scams to be unveiled. Last year, hackers had great success in getting unsuspecting payroll employees to provide access to employees’ personal data by posing as a high-level executive requesting the information. Who knows what hackers have in store for this tax season?