Physically presenting your CV for a prospective job offer is fast becoming obsolete. The digital world has simplified correspondence between people by electronic or digital means. Applicants are able to send their CV’s to companies via email attachments.
In recent attacks cyber-criminals send malicious data disguised as CV’s, upon opening the attachment, the malware installs itself on the victim’s computer. It then encrypts the data on the PC/Network and requests a ransom in-turn for the decryption code. This type of attack is known as ransomware.
The attachment is usually compressed into a ZIP file. The emails also contain a short text with a greeting from the fake candidate in which they give their name and notification of its delivery. Another common characteristic of the email is the misspelling of words and grammatical errors.
Once the user clicks to open the document, their search engine will open the address that appears in the code (just like clicking on a link). The fake link redirects the program to a page on the infected server where a sequence of links is played out until a .scr file is downloaded – an executable file for Windows that contains the ransomware.
Cyber-criminals have gone to great lengths to deceive users, as most antivirus solutions and anti-spam filters have forced them to design a method of attack that takes place over a series of stages as to evade the system’s defences. This should also serve as a warning – if your computer goes through different steps to open a simple CV, it is most likely malicious.
In the event of this or any other type of ransomware infection, the first thing you should do is turn off your PC and disconnect it from the network to avoid it from spreading to the rest of your devices that share the same connection. The malicious program might be eliminated, but it’s likely that you won’t be able to get your information back, which is why it is highly recommended that you make back-ups of all of your confidential and important information. It’s best to save it onto a different device such as an external drive or cloud service.
Do not be misled that by paying the ransom that you are ensured to retrieve your data, nothing can guarantee this. It is better to take preventative measures such as making back ups of your data on a regular basis.