{"id":1533,"date":"2019-04-06T19:33:41","date_gmt":"2019-04-06T19:33:41","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1533"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Fake-Password-Protected-Job-Application-Emails-Contain-Macro-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1533","title":{"rendered":"Fake Password Protected Job Application Emails Contain Macro Malware"},"content":{"rendered":"<div>\n<p>Malicious emails that masquerade as harmless job application requests with attached resumes are currently hitting inboxes. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>The emails ask you to open \u00a0an attached Microsoft Word file that supposedly contains the sender&#8217;s resume. \u00a0 The email also includes a password that you will supposedly \u00a0need to view the attached document.<\/p>\n<p>The emails are not from genuine \u00a0job seekers and the attached files are not resumes.<\/p>\n<p>Instead, opening the attached file and following the instructions can install malware on your computer.<\/p>\n<p>When you open the attached \u00a0Word document, you will be prompted to enter the password provided in the body of the scam email.<\/p>\n<p>Then, a notification will claim that the document is protected and you must enable content before you can access it.<\/p>\n<p>If you do enable content as instructed, a malicious macro can then download and install malware.<\/p>\n<p>The exact nature of this malware may vary. Often, it is ransomware. Ransomware locks \u00a0the files on your computer and then demands that you pay a fee to online criminals to get a file decryption key. In other cases, the malware may be designed to steal sensitive information such as passwords.<\/p>\n<style>\n\t\t\t\t\t#wpsm_accordion_19216 .wpsm_panel-heading{\npadding:0px !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title {\nmargin:0px !important; \ntext-transform:none !important;\nline-height: 1 !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title a{\ntext-decoration:none;\ncolor:#000000 !important;\nfont-size:18px !important;\ndisplay:block;\npadding:0px;\nfont-family: Open Sans !important;\npadding-top: 10px;\npadding-bottom: 10px;\nborder-bottom:1px solid  #ddd !important;<\/p>\n<p>}\n#wpsm_accordion_19216 .wpsm_panel-title a:hover,#wpsm_accordion_19216 .wpsm_panel-title a:visited, #wpsm_accordion_19216 .wpsm_panel-title a:focus {\n\tcolor:#000000 !important;\n}\n#wpsm_accordion_19216 .acc-a{\n\tcolor: #000000 !important;\n\tbackground-color:#7dcec9 !important;\n\tborder-color: #ddd;\n}\n#wpsm_accordion_19216 .wpsm_panel-default > .wpsm_panel-heading{\n\tcolor: #000000 !important;\n\tbackground-color: #7dcec9 !important;\n\tborder-color: #7dcec9 !important;\n\tborder-top-left-radius: 0px;\n\tborder-top-right-radius: 0px;\n}\n#wpsm_accordion_19216 .wpsm_panel-default {\n\t\tborder:0px solid transparent !important;\n\t}\n#wpsm_accordion_19216 {\n\tmargin-bottom: 20px;\n\toverflow: hidden;\n\tfloat: left;\n\twidth: 100%;\n\tdisplay: block;\n}\n#wpsm_accordion_19216 .ac_title_class{\n\tdisplay: inline-block;\n    padding-top: 5px;\n    padding-bottom: 5px;\n    padding-left: 13px;\n    padding-right: 10px;\n    border: 0px solid #ddd;\n\tfont-size:18px !important;\nfont-family: Open Sans !important;<\/p>\n<p>}\n#wpsm_accordion_19216  .wpsm_panel {\n\toverflow:hidden;\n\t-webkit-box-shadow: 0 0px 0px rgba(0, 0, 0, .05);\n\tbox-shadow: 0 0px 0px rgba(0, 0, 0, .05);<\/p>\n<p>\t\tborder-radius: 4px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel + .wpsm_panel {\n\t\tmargin-top: 0px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel-body{\nbackground-color:#e2e2e2 !important;\ncolor:#000000 !important;\nborder-top-color: #7dcec9 !important;\nfont-size:16px !important;\nfont-family: Open Sans !important;\noverflow: hidden;<\/p>\n<p>border: 0px solid #ddd !important;<\/p>\n<p>border-top:0px !important;\n}<\/p>\n<p>#wpsm_accordion_19216 .ac_open_cl_icon{\n\tbackground-color:#dd3333;\n\tcolor: #ffffff;<\/p>\n<p>     padding-top: 5px; \n     padding-bottom: 5px; \n\t margin-left:10px;\n    line-height: 1.0;\n    font-size:18px !important;\ntext-align: center !important;\n     width: 32px !important;\n    display: inline-block;<\/p>\n<p>}\n#wpsm_accordion_19216 .ac_open_cl_number{\n width: 25px !important;\n    display: inline-block;\n\t margin-left:10px;\n\t text-align: center !important;\n\t font-size:18px !important;<\/p>\n<p>}<\/p>\n<p>\t\t\t #wpsm_accordion_19216 .wpsm_panel-heading {\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}\n\t\t\t#wpsm_accordion_19216 .ac_open_cl_icon{\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}<\/p>\n<\/style>\n<div class=\"wpsm_panel-group\" id=\"wpsm_accordion_19216\" >\n<p>\t\t\t\t  <!-- Inner panel Start --><\/p>\n<div class=\"wpsm_panel wpsm_panel-default\">\n<div class=\"wpsm_panel-heading\" role=\"tab\" >\n<h4 class=\"wpsm_panel-title\">\n\t\t\t\t\t\t<a  class=\"\"  data-toggle=\"collapse\" data-parent=\"#wpsm_accordion_19216 \" href=\"#ac_19216_collapse1\"  ><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"ac_title_class\"><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span style=\"margin-right:6px;\" class=\"fa fa-lightbulb-o\"><\/span><br \/>\n\t\t\t\t\t\t\t\tToggle to read more about macros\t\t\t\t\t\t\t<\/span><br \/>\n\t\t\t\t\t\t<\/a><br \/>\n\t\t\t\t\t  <\/h4>\n<\/p><\/div>\n<div id=\"ac_19216_collapse1\" class=\"wpsm_panel-collapse collapse_19216 collapse \"  >\n<div class=\"wpsm_panel-body\">\n<div class=\"indentPara\">For those that may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows.<\/p>\n<p>But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.<\/p>\n<p>However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, \u00a0<a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">malicious macros are again being used<\/a> \u00a0to spread malware. \u00a0<\/p>\n<p>In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.<\/p>\n<p>Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.\t\t\t\t\t  <\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>\t\t\t\t   <!-- Inner panel End --><\/p><\/div>\n<p>\t\t\t\t<script>\n\tjQuery(document).ready(function() {<\/p>\n<p>\t\t\tjQuery('.collapse_19216').on('shown.bs.collapse', function(){jQuery(this).parent().find(\".fa-plus\").removeClass(\"fa-minus\").addClass(\"fa-minus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").addClass(\"acc-a\"); }).on('hidden.bs.collapse', function(){jQuery(this).parent().find(\".fa-minus\").removeClass(\"fa-minus\").addClass(\"fa-plus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").removeClass(\"acc-a\");});<\/p>\n<p>\t\t});\n\t<\/script><\/p>\n<p>The criminals \u00a0are password protecting these malware documents as a <a href=\"https:\/\/www.tripwire.com\/state-of-security\/latest-security-news\/macro-malware-employs-password-protection-to-evade-analysis\/\">means of thwarting security software<\/a> that may otherwise \u00a0block or flag the attachment. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> Be wary of any message that claims that you need to enable editing or \u00a0enable content to view an ordinary document such as a resume or invoice. \u00a0 Doing so enables macros and there is no good reason why macros would ever be required \u00a0just to view such documents.<\/p>\n<p>Criminals \u00a0regularly use <a href=\"https:\/\/www.hoax-slayer.net\/my-resume-malware-emails\/\">fake resumes<\/a> and <a href=\"https:\/\/www.hoax-slayer.net\/review-my-cv-macro-malware-email\/\">CVs<\/a> as a means of distributing malware.<\/p>\n<h2>Here&#8217;s the text of the malware email:<\/h2>\n<div class=\"example\">\n<p><strong>Subject: Job Application<\/strong><\/p>\n<p>How is your day?<br \/>\nMy name is Lana and I&#8217;m interested in a position.<\/p>\n<p>I&#8217;ve attached a copy of my resume.<br \/>\nThe password is &#8220;1234&#8221;<\/p>\n<p>Best regards!<\/p>\n<p>Lana<\/p>\n<p>Attached file: &#8220;Lana.doc&#8221;<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- Third Content Ad Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1909104632\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/fake-password-protected-job-application-emails-contain-macro-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/fake-password-protected-job-application-emails-contain-macro-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malicious emails that masquerade as harmless job application requests with attached resumes are currently hitting inboxes. \u00a0 The emails ask you to open \u00a0an attached Microsoft Word file that supposedly contains the sender&#8217;s resume. \u00a0 The email also includes a password that you will supposedly \u00a0need to view the attached document. The emails are not [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1533"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1533"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1533\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}