Phishing Scammers Target Job Seekers with Sophisticated Money-Stealing Scheme

Woburn, MA – May 15, 2019 – In the first quarter of 2019, Kaspersky Lab experts detected a blast of sophisticated spam emails featuring fake job offers, which appeared to come from HR managers and recruiters in large corporations. Disconcertingly, the emails were actually sent by spammers and were designed to install money-stealing malware on consumers’ devices.

Spam emails are an often underestimated threat, able to spread malware through deceptive social engineering methods and claim many victims. To track spam messages, Kaspersky Lab researchers use honeypots – virtual ‘traps’ that are able to detect malicious emails and catch threat actors. For this particular operation, company experts tracked fraudsters that were trying to exploit job seekers, and reported an analysis of their findings in the new “Spam and Phishing in Q1 2019” report.

Kaspersky Lab researchers found that recipients of such spam emails were typically offered an alluring position in a large company. Targets were invited to join a free job search system by installing a special application on their device that would supposedly provide access to a job search database. To make the installation process look trustworthy, it was accompanied by a pop-up window with the words “DDoS Protection” and a fake message that claimed the user was being redirected to a legitimate recruiting website.

Screenshot of malicious e-mail sample and a pop-up window

However, victims were actually redirected to a cloud storage site, from where they were instructed to download a malicious installer that looked like a word processing file. This file’s function was to download the infamous Gozi banking Trojan, one of the most commonly used malware programs for stealing money, to the victim’s machine.

“We often see spammers using names of large and well known companies, as it helps them to succeed in their malicious business and gain people’s trust,” said Maria Vergelis, security researcher at Kaspersky Lab. “Famous brands with a solid reputation can become victims of fraudsters who pretend to be them and lure unsuspecting users into downloading a malicious attachment to their computers. This particular scheme involved the names of both well known recruiting companies and respected businesses, which made it even more sophisticated. One needed to check the email address line for errors to suspect that the job offer was not authentic.”

Kaspersky Lab detects the malicious download as Trojan-Banker.Win32.Gozi.bqr.

Additional key findings from the report include:

• In Q1 2019, Kaspersky Lab's anti-phishing module prevented 111,832,308 attempts to direct users to scam websites. This is a 24% increase compared to the Q1 2018 figure of 90,245,060 attempts.
• The banking sector has become the number one target for phishing attacks, followed by global internet portals and payment systems.
• Brazil was the country with the largest share of users attacked by phishers in the first quarter of 2019 (22% of all attacks). It was followed by Austria (17%) and Spain (17%).
• In Q1 2019, the amount of spam peaked in March (56.3%). The average share of spam in the world’s email traffic was 56%, which is 4% more than in Q1 2018.
• China (16%) was the most popular source of spam, followed by the United States (13%) and Russia (7%).
• The country most targeted by malicious mailshots was Germany with 12%. Vietnam came second with 6% of attacks, followed by Russia (5%).

The full report on spam and phishing in Q1 2019 can be found on Securelist.

About Kaspersky Lab 
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.