IT managers are advised to block certain IP addresses used in this attack

Oct 30, 2013 14:39 GMT
Beware of “Division of Unemployment Assistance” emails that appear to come from someone within your company!

In case you come across an email regarding a claim for benefits with the Division of Unemployment Assistance, you should know that it’s likely sent by cybercriminals. The emails appear to come from the victim’s own organization.

“A former employee(s) of your company or organization recently filed a claim for benefits with the Division of Unemployment Assistance (DUA). In order to process this claim, DUA needs information about each former employee. You are requested to: Provide Wage and Separation information (Form 1062/1074) And/or Provide Separation Pay Information,” the emails read.

“If you do not provide this information, you may lose your right to appeal any determination made on the claim. To provide this information electronically, please print attached claim (file) and complete any outstanding forms,” it continues.

According to Conrad Longmore of Dynamoo’s Blog, the file that’s attached to the notifications, attached_forms.exe, is a piece of malware. Once it infects a computer, it connects to a remote server.

The same server is currently being used in a malware distribution campaign that uses fake Wells Fargo emails.

If you come across such notifications, act with caution, even if they appear to come from someone within your company. Longmore advises organizations to temporarily block servers in the 69.26.171.176/28 IP range since they’re apparently abused by cybercriminals.
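Alongside the block, it helps to check whether any internal host has already contacted the range or received the attachment. The sketch below is an added example, not code from the article or from Dynamoo’s Blog; the log format, the sample lines and the function name `hunt` are constructed for illustration, and only the /28 range and the file name come from the article.

```python
import ipaddress
import re

# Range and attachment name as given in the article.
BLOCKED_NET = ipaddress.ip_network("69.26.171.176/28")  # .176 through .191
ATTACHMENT_NAME = "attached_forms.exe"

# Constructed sample lines in a hypothetical "time src -> dst:port request" format.
SAMPLE_LOG = """\
2013-10-30T14:02:11Z 10.0.4.17 -> 69.26.171.180:80 GET /
2013-10-30T14:02:15Z 10.0.4.22 -> 69.26.171.192:443 CONNECT
2013-10-30T14:03:40Z 10.0.4.17 -> 192.0.2.10:80 GET /index.html
2013-10-30T14:05:02Z 10.0.7.9 -> 69.26.171.176:8080 POST /
2013-10-30T14:06:30Z mail-gw attachment=Attached_Forms.exe rcpt=hr@example.com
2013-10-30T14:07:01Z 10.0.4.30 -> not-an-ip:80 GET /
"""

FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+([^\s:]+):(\d+)")

def hunt(log_text):
    """Return ({src_host: [(time, dst, port), ...]}, [attachment log lines])."""
    contacts, attachments = {}, []
    for line in log_text.splitlines():
        # Mail gateway lines: match the attachment name case-insensitively.
        if ATTACHMENT_NAME in line.lower():
            attachments.append(line)
        m = FLOW_RE.match(line)
        if not m:
            continue
        ts, src, dst, port = m.groups()
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # hostname or malformed field, not an IP literal
        # Network membership test, so .192 (just outside the /28) is not flagged.
        if dst_ip in BLOCKED_NET:
            contacts.setdefault(src, []).append((ts, str(dst_ip), int(port)))
    return contacts, attachments

if __name__ == "__main__":
    hosts, mails = hunt(SAMPLE_LOG)
    for src, hits in hosts.items():
        print(f"{src} contacted blocked range: {hits}")
    for line in mails:
        print(f"suspicious attachment seen: {line}")
```

Hosts that show up in the first result have already reached the range and should be examined for infection, not just cut off by the new block.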