Recent scams send a ‘you’re fired’ message – Kaspersky report
Online scams capitalise on job losses, pandemic disruption.
Scammers worldwide have been exploiting people’s fears of lost jobs and income during the Covid-19 lockdown, by using phishing mails, fake websites and social media to extract personal information, spread malicious software or defraud unsuspecting victims.
This is according to Anna Collard, SVP content strategy and evangelist of KnowBe4 Africa. In a statement issued recently, Collard said according to Kaspersky’s spam and phishing report for Q2 2020, one technique used by scammers was to pose as HR employees and send emails informing recipients that they had been laid off.
The emails contain malicious attachments that purport to be receipts for two months’ salary.
“The employee was informed that the company had been forced to lay them off due to the pandemic-induced recession,” the researchers write. “The dismissal ‘followed the book,’ in that the attachment, according to the author of the email, contained a request form for two months’ worth of pay. Needless to say, the victim only found malware attached.”
Banking phishing attacks also took advantage of people’s economic woes by sending emails purporting to offer various pandemic-related discounts and bonuses, directing them to links that gave attackers access to the victim’s computer or personal information.
Scammers have targeted South Africans hoping for financial relief during the lockdown too: local banks warned customers of phishing scams claiming their UIF funds had been approved, and referring them to an attachment, and fake emails from the government claiming recipients had to enter their banking details on a link to access free funding.
The Department of Labour also cautioned the public about a scam on social media promising people a payout of R30 000, using a spoofed departmental website asking people to check if their names appeared on a list of those entitled to funds.
The goal? Stealing people’s personal information such as bank login details or downloading malicious software.
These scams highlight at least two lessons: First, fear and anxiety are powerful inducements to getting people to open malicious email.
Second, consider the role organisational policy can play here. Do people expect to receive such important notices by email? They probably shouldn’t.
