CYBERCRIMINALS love people in HR departments, because their job includes opening files that come from unknown sources—CVs, application materials and so on.
And these files quite often contain something malicious. You know who’s in the same boat, for the very same reason? Freelancers.
Freelancers also have to communicate with a lot of people they don’t know personally and open files that come from who knows where, be it text for translation, technical documentation for a coding project, or a description for a picture they are supposed to draw. That makes freelancers an easy target for cybercriminals of all sorts.
Malicious
SECURITY researchers recently noticed an active campaign targeting people on web sites for freelancers, such as Fiverr and freelancer.com. A group of cybercriminals was contacting people registered on those services saying they had a job they wanted done and that the details were in the attached file.
It actually was a .doc file, not an executable, and that convinced at least some of the victims that it was safe to open.
But a very specific thing may be wrong with Office documents: macro malware or malicious software hidden in macros used in Microsoft Office files. When people open such files, they are prompted to enable macros and some of them comply. After that—in the case of the recent campaign—the program installs a “keylogger” or a remote access Trojan (RAT) on their computer.
With keylogger or a RAT installed on your computer, the crooks can see everything you type, including your logins and passwords, which allows them to steal your accounts and your money.
A similar malicious campaign was allegedly spotted on LinkedIn and on Alibaba.
Being a freelancer has advantages, but there are huge drawbacks as well, and adding increased interest from cybercriminals to the mix can turn the burden of being a freelancer into something unbearable.
Here are some steps to protect yourself from different kinds of threats.
1 Do not install any software a client or potential client wants you to install, unless you download it from official sources and make sure that it doesn’t give the client access to your computer.
2 Do not open any “.exe” or other executable files. They might be malicious.
In case you absolutely need to do that, check those files first with an antivirus tool.
3 Do not enable macros in Microsoft Word documents, Excel spreadsheets, PowerPoint presentations and so on.
Macros are basically executables hidden in files and malefactors love to fool people by sending seemingly innocent documents that actually contain malware.
4 Do not fall for phishing. Crooks may be interested in gaining access to your accounts on some web sites because that will also grant them access to the money you’ve earned using these services.
Gaining access into your account might also result in damage to the reputation you’ve worked so hard to build. So watch out for misspelled sites and letters that urge you to relogin or send your credentials to someone for any reason.
5 When being paid directly, do not send anyone photos of your credit cards. Also do not disclose information such as expiration date or CVC/CVV code (three digits on the back of your card). That information is never necessary to get paid.
It’s OK to send the banking information (such as your card number) when someone needs to pay you but it’s better to do that using secure encrypted channels.
6 Install a reliable security solution that will protect you from malware, phishing, spam and other cyber threats.
Image credits: Kaspersky Lab