HR departments at risk of malware infection after unemployment benefits email spammed out

Computer users, especially those working in the human resources departments of corporations, should be on their guard against a malware attack that is spammed out via email at the moment.

Emails have been spammed out, pretending to come from Detma (the Massachusetts Division of Employment and Training), claiming that the recipient needs to supply information in order to pay benefits to a former employee.

Here’s a typical email:

Subject: Action Required - Time Sensitive Material

Attached file: Unemployment_case.zip

Message body:
A former employee(s) of your company or organization recently filed a claim for benefits with the Division of Unemployment Assistance (DUA).

In order to process this claim, DUA needs information about each former employee. You are requested to:

* Provide Wage and Separation information (Form 1062/1074)
And/Or
* Provide Separation Pay Information

If you do not provide this information, you may lose your right to appeal any determination made on the claim. To provide this information electronically, please print attached claim (file) and complete any outstanding forms.

This message may contain privileged and/or confidential information. Unless you are the addressee (or authorized to receive for the addressee), you may not use, copy, disseminate, distribute or disclose to anyone the message or any information contained in the message.

Thank You.

The email is intended, of course, to trick the recipient into opening the attached file. Inside the ZIP file is a file called Unemployment_case.exe, detected by Sophos products as the Troj/Agent-YTA Trojan horse.

If you make the mistake of running the file on a Windows computer, and don’t have good up-to-date security software in place, your PC will be compromised and hackers will be able to gain remote access to your company’s data.

And as HR staff are the most likely to act upon the email, it could be personnel records and private information about individuals which is most at risk.

Make sure that you know the rules: be deeply suspicious of unsolicited attachments that arrive in your inbox, and always be wary of running unknown executable code on your PC.

Even if you don’t work in a personnel department, you could be putting your own data or that of your company at risk if you are careless about your computer security.

Human resources image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
