Malicious emails that masquerade as harmless job application requests with attached resumes are currently hitting inboxes.
The emails ask you to open an attached Microsoft Word file that supposedly contains the sender’s resume. The email also includes a password that you will supposedly need to view the attached document.
The emails are not from genuine job seekers and the attached files are not resumes.
Instead, opening the attached file and following the instructions can install malware on your computer.
When you open the attached Word document, you will be prompted to enter the password provided in the body of the scam email.
Then, a notification will claim that the document is protected and you must enable content before you can access it.
If you do enable content as instructed, a malicious macro can then download and install malware.
The exact nature of this malware may vary. Often, it is ransomware. Ransomware locks the files on your computer and then demands that you pay a fee to online criminals to get a file decryption key. In other cases, the malware may be designed to steal sensitive information such as passwords.
The criminals are password protecting these malware documents as a means of thwarting security software that may otherwise block or flag the attachment.
Be wary of any message that claims that you need to enable editing or enable content to view an ordinary document such as a resume or invoice. Doing so enables macros and there is no good reason why macros would ever be required just to view such documents.
Here’s the text of the malware email:
Subject: Job Application
How is your day?
My name is Lana and I’m interested in a position.
I’ve attached a copy of my resume.
The password is “1234”
Attached file: “Lana.doc”