CEOs: Are Job Applications Submitted to your Company Being Hacked?

Media Division | May 17, 2017

As recently reported by International Business Times, a hacker stole close to 100,000 job applications from McDonald’s in Canada in March of this year.  All personal information the applicants submitted was compromised.  These applications were filed on the company’s own career website through online forms.

Apparently, cyber criminals are posing as job applicants and infecting human resource departments with malicious software.  They are banking on the fact that human resource employees open a fair number of emails from unknown senders.  One particular ransomware called GoldenEye is spreading like wildfire.

It works like this: the cyber hacker sends a cover letter and another file that appears to be a resume.  The cover letter is usually opened up first and makes you believe this is a standard job application.  The second file, however, is an excel file that contains the ransomware.  When you attempt to open it, it tells you that it’s loading and that you must turn on your Macros to view the file.  Unfortunately, when you do turn on your Macros, the ransomware encrypts not only your files but also your hardware. Then, you’re presented with a ransom note which demands you pay them to get your files back.

The easiest way to avoid this is simply not to enable the Macros within Microsoft Office on your computer.  However, if you do come across a ransom note, you probably shouldn’t pay it.  These criminals will often ignore the fact that a payment was made and leave you with the problem anyway.  Additionally, if you do pay, the hackers often find a way to get you again through other targeted cyber attacks.  After all, they know you can be counted on to pay.

There are hundreds of ransomware viruses, all of which encrypt files and make ransom demands.  These usually come from the following sources: attachments in spam emails, free download websites, free file hosting websites, unofficial software downloads, and Trojans which trick you into downloading them onto your system.

Protect Your Company from Cyber Attacks

It is a good idea to purchase a credible anti-virus spyware. If you do get infected, hire a professional to decrypt the files.  Despite the fact that cyber criminals lead you to believe that paying them is your only option, it is possible to decrypt and get your files back.

One of the other things you can do to protect yourself from cyber hacking is to back up your files.  Having an effective recovery system in place means your files are not lost for good.  This does not include storing files on the cloud.  If using a USB device, make sure it’s not plugged into the computer.

Moreover, in their guidelines, nomoreransom.org warns to trust no one and never open email attachments from someone you don’t know. Also, if you discover an unknown process on your computer, disconnect it immediately from the internet (including wi-fi).  This will help the virus from spreading.  Train your employees on what to do and what not to do in these situations.

Lastly, if your company was the target of a cyber attack, remember that it is a crime and report it to the FBI through their Internet Crime Complaint Center.

If you want to do something even more proactive, use an organization such as Massive Alliance to help you trace an attack back to the source and give you the ability to take action against it.  Our effective cyber investigation service can discover and assist you in taking down the threat criminal. To get in touch with our Cyber Investigation Specialists click HERE.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.