A new cybercriminal activity dubbed the ‘You’re fired’ phishing campaign tricks users into believing they have been terminated when, in fact, they have been hacked and infected with infostealers and other malware.
Reports revealed that the campaign starts with a seemingly legitimate email containing a legal notice advising recipients that their employment has been ended. The discovery comes after companies in different industries informed researchers that the phishing attack targeted their employees.
The targeted organizations span the aerospace, travel, insurance, state government, consumer electronics, and education sectors. Moreover, the phishing attempts came from four different email addresses, but the researchers have yet to identify the operators.
The ‘You’re fired’ phishing campaign operators want a huge payday.
The newly discovered ‘You’re fired’ phishing campaign may be financially motivated, since it attempts to steal information from targeted recipients to gain account access.
One of these campaigns has used the UK coat of arms and a case number of the country’s Employment Tribunal. The phishing email, which carries a termination subject line, tells targeted recipients that the message is urgent and requires immediate action, since failure to follow the directions may have serious legal consequences.
Next, the email prompts recipients to click the “Download Document Now” option to obtain pertinent information. However, the URL does not point to any official Tribunal records; instead, it directs the users to a malware-laden fake Microsoft page. As of now, the fraudulent activity only works on Windows devices.
Once the users land on the malicious site, the attackers use a tactic that allows them to avoid security safeguards by requiring the victim to retrieve the malware-laden file through more indirect methods.
The malicious file poses as a court document: it is a RAR archive containing a hostile Visual Basic script called “Processo Trabalhista.vbs” or “Labor Lawsuit.vbs.” Once a user runs this script, it downloads a Base64-encoded text file, saves it to the infected PC, and executes additional malware strains.
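For defenders, the step described above (a .vbs script launched straight out of a RAR archive) leaves a recognizable process-creation trace. The detection sketch below is an added example and is not taken from the researchers' report; the event field names and the sample events are constructed, and the temp-folder patterns assume the default naming used by WinRAR, 7-Zip and Windows Explorer.

```python
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # Windows Script Host
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
ARCHIVERS = {"winrar.exe", "7zfm.exe"}             # GUI archive managers

# Temp folders used when a file is opened straight from inside an archive:
# WinRAR Rar$DIa<n>.<n> / Rar$EXa<n>.<n>, 7-Zip 7zO<hex>, Explorer Temp1_<name>.zip
ARCHIVE_TEMP = re.compile(
    r"\\(Rar\$(DI|EX)[a-z]?\d+\.\d+|7zO[0-9A-F]+|Temp\d+_[^\\]+\.zip)\\", re.I)
ARG = re.compile(r'"([^"]+)"|(\S+)')               # quoted or bare argument


def script_argument(cmdline):
    """Return the first command-line argument with a script extension."""
    for quoted, bare in ARG.findall(cmdline):
        arg = quoted or bare
        if PureWindowsPath(arg).suffix.lower() in SCRIPT_EXTS:
            return arg
    return None


def triage(event):
    """Return reasons to alert on a process-creation event, or [] if benign."""
    if PureWindowsPath(event["image"]).name.lower() not in SCRIPT_HOSTS:
        return []
    script = script_argument(event["cmdline"])
    if script is None:
        return []
    reasons = []
    if ARCHIVE_TEMP.search(script):
        reasons.append("script run from archive temp folder")
    if PureWindowsPath(event["parent"]).name.lower() in ARCHIVERS:
        reasons.append("script host spawned by archive manager")
    return reasons


# Constructed sample events (fields modeled on process-creation telemetry).
EVENTS = [
    {"parent": r"C:\Program Files\WinRAR\WinRAR.exe", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Users\alice\AppData\Local\Temp\Rar$DIa4312.20817\Labor Lawsuit.vbs"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" C:\Scripts\logon.vbs'},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev) or "no alert", "|", ev["cmdline"])
```

The first constructed event raises both reasons, while the routine logon script started from Explorer raises none.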
Threat actors commonly use social engineering strategies to bait and deceive users into opening malicious files delivered through phishing emails. Therefore, the public should always be cautious when dealing with unverified attachments in suspicious emails to avoid falling victim to these fraudulent operations.
