Want to avoid viruses from your applicants?
Currently, many German HR departments are being hit by the 'Goldeneye' ransomware, which, under the guise of a fake job application, encrypts all files when activated by an employee. The best way to avoid viruses has always been healthy skepticism towards attachments from unknown senders. Unfortunately, the hacker 'Goldeneye' has now found an entry point where unknown senders are an unavoidable requirement: The job application.
"Sehr geehrte Frau Wieser..." the email starts innocently, adding in a respectful and expectant tone that Frau Wieser can find the real application in the attached files. Unfortunately, it's not just an application Frau Wieser finds in the files. With a few clicks, the PC restarts and the screen lights up with golden dollar signs forming a skull. From now on, Frau Wieser's HR department has no access to her files unless they pay a ransom. Such a ransom is typically around 1000 dollars.
Safe files are no security
Janus, as he calls himself, the villain behind Goldeneye (both the ransomware and the James Bond movie), has this time found his way into the benevolent clicks of gullible employees when he hits them with unknown files that they themselves have requested. Goldeneye is hiding in the second of the two files that Frau Wieser's department receives. An Excel file. A flower that could be a logo from a trustworthy IT provider encourages the good-natured HR soul to click on a CV and Boom! Everything is locked!
There is nothing to do. While the police are at a loss, the spam filters of the world need to know their enemy before they can react. It's not even safe to trust 'docs', 'pdf' or 'xls', as there are numerous ways to insert virus code into these otherwise safe files.
The path to safe recruitment
So what do you do if you want to avoid file meltdowns and save your company time and money?
- It's always wise to be skeptical of files and content that look strange and unfamiliar. Although common files like Word and PDFs can also be infected, they can usually be expected to contain trustworthy content.
- Check if the sender of the email also matches the email address listed as the sender. Similarly, you can check if, for example, a Dropbox link sends you in the right direction by hovering over the link.
- But first and foremost, all companies that are hiring new employees and want to ensure a safe process should consider a recruitment system like Elvium. Here, all incoming files are converted to PDF and further checked before they are sent to the companies. This not only provides a virus-free volume of applications, but also gets them organized and ranked so that HR managers can spend their time on the most relevant candidates.
- Best of all, the system prepares the company for the new General Data Protection Regulation, which comes into force in 2018. By then, sensitive data such as applications will no longer be able to be received via email anyway.
Read more about the Goldeneye ransomware here.