Here we are now, just finishing up the first full week in June.  The weather has been great, the temperature warm, and nice long evenings ahead of us.  Although the COVID19 has taken a little bit of a backseat in the news headlines due to all of the riots that have been occurring here in the United States and even worldwide, it still is there to haunt us. 

Nobody can say for sure what will happen this summer, as businesses have now finally started to open up finally, and workers are starting to go back into the office probably using a phased in approach.

There will also be large gatherings, especially around the 4th of July weekend, as people just want to get away from being cooped up inside for so long.  From what I have seen, there has already been an uptick in more COVID19 cases coming out in more states, and in fact, it is even predicted that there could be yet another WFH episode going into the wintertime.

But, as I say, for everything that has a bad angle to it, there is always a good side, kind of like a mathematical equation.  The good news here is that despite all that has happened, the jobs report that came out yesterday actually showed a net gain. 

From what I understand, this is the strongest job growth over a two-year time span, even well before COVID19 hit.  The financial markets, such as the DOW, the NASDAQ, and the S&P 500 are now at their highs or getting closer to that point.

Talking about the job market, this is still a huge thorn in the United States economy right now.  As of the end of the last week in May, there were some 40,000,000 Americans that filed for unemployment benefits, which if you break it down, comes out to 1 in 4 people filing a claim for it.  This is deemed to be at the highest level since the 1930s, during the time of the Great Depression. 

As of right now, the overall unemployment rate here in the United States stands at about 13.3%, versus the near low of 3% just one year ago.  Many job experts think that this number could reach up to 20% before we start to see a recovery, but then there are others as well who feel that we have reached our peak. 

But whatever the situation is, the bottom line is that there are a lot of people out there looking for work, and those that are working, are working even harder to hang onto their jobs so that they will not get furloughed or get a cut in pay.  Yes, these are incredibly stressful times for everybody, but it has been made even worse by the Cyberattacker.  For example, other than the usual WFH issues, Zoombombing, etc.  job seekers are now in the prime cross hairs.

This was even a problem before COVID19, but it has been greatly exacerbated even further with the sheer number of people looking right now.  Typically, the job candidate would get a scam Email, text message, or even a Robocall from somebody claiming to be a recruiter. 

From there, if the job candidate fell for this initial bait, the Cyberattacker would then use the principles of Social Engineering, so that over a period of time, the victim would then hand over their Personal Identifiable Information (PII).

But seeing how desperate people are right now, the Cyberattacker is cutting through the chase by trying to steal the PII of an individual in just a matter of minutes.  At the present time, this is unfolding on two fronts:  The hijacking of PII of people that are already working; and, sending out phony Emails on behalf of job candidates to recruiters.  Let us break this down further in more detail:

*The hijacking of PII of those individuals that are currently working:

As previously mentioned, given the stress loads that employees are under these days, especially with the WFH issues, many of them are taking some sort of time off or even a brie medical break so that they can recover from both a mental and physical standpoint.  Under these circumstances, an employee not only has to get the permission from their boss, but they also have to fill out a request form that is usually made available by the HR department. Somehow, the Cyberattacker is able to replace the legitimate medical request forms with a phony one, which of course, looks like the real thing.  An example of this is illustrated below:


Typically, this kind of form can be downloaded from the company Intranet, or even be sent over via Email from somebody in the HR Department.  With M365 office applications today, especially those of Word, PowerPoint, and Excel, a warning usually comes up that the file is “Read-Only”, and that you have to enable the file so that you can make changes or enter in relevant information.  This is clearly exemplified in the diagram up above, with the heading entitled “Protected Document”.  This is usually the first warning sign that the file is a phony one.  But unfortunately, once the employee clicks on that to allow stuff to be entered onto the spreadsheet, a malware known as the “Zloader” has been typically used to trigger a malicious payload onto the victim’s device in order to steal their PII.  In these particular instances, the file names were like these:  “COVID -19 FLMA CENTER.doc“, or even “The following is a new Employee Request Form for leave within the Family and Medical Leave Act (FMLA)“.

*The sending out phony Emails on behalf of job candidates to recruiters:

In this scenario, the actual PII of the job seeker has been hijacked before (probably from an earlier Cyberattack), and then is used to create a phony resume as well as Email message to the job recruiter, which is also illustrated below:


In these instances, the subject line will contain something like “Applying For A Job”, or even “Regarding My Job Application”.  The rest of the phony Email message can be seen in the diagram up above.  In terms of the phony resume attachment, in this particular instance, it contained a malicious ISO file, in particular, CV.iso.  Just by first glance, one can tell that this is a malicious attachment, as most resumes will either contain a .PDF or .DOC extension file name.  Once the phony attachment was opened up, the macros were enabled, which then delivered the malware payload to the end user’s device.  In fact, it has even been estimated that at least 1 out of every 450 malicious files that have been sent out are related to phony or spoofed resumes being transmitted.

My Thoughts On This:

If you really think about it, after analyzing the above two scenarios, these really fall under the guises of Phishing attacks.  Of course, this is a subject that I have written about countless number of times, so I am not going to reiterate again on the tips on how to spot and detect a Phishing based Email or a phony/fictitious attachment.  A simple Google search can reveal all that for you.  Or, if you have specific questions, you can always post them on Cybersecurity Forum, which is:

But to the job candidate and recruiter, here is one specific piece of advice:  You can never tell for sure who is real anymore, because of the greatly connected world that we live in these days.  But there are steps you can take to be at least reasonably assured. 

First and foremost, check out their LinkedIn profile.  If one exists, then you have some assurances that the person is for real.  A true job seeker or true job recruiter will always have a reasonably well-done profile with a picture. 

Also, try to conduct a background check, within reason, on the individual in question.  For example, you use the portal known as “My Life”, as they can provide some authentic background information without having to pay for anything upfront.  Finally, if ever in doubt, always pick up the phone and call the information, and just confirm some basic information, such as name, Email address, phone number, etc.

Remember, don’t ever give in to knee jerk reactions:  If you can get an Email saying that a job offer is on the way, make sure the best you can that it is for real before you fall victim for a major Cyberattack.