Just like sending greeting cards by post, physically presenting your CV for a prospective job offer is becoming extinct. The digital world in which we live has rendered the act of traditional post as unnecessary – now it is easy, not just for the candidates but also the HR department, to receive CVs by electronic or digital means.

However, this also presents its own risks for your IT security. Cybercriminals are prepared to take advantage of the fact that companies receive hundreds of CVs and like to attach a small extra to theirs in the form of malware.

A group of security experts uncovered a network of cybercriminals that sent malicious programs disguised as curriculums which installed itself on the victim’s computer upon clicking to open the document.

This type of attack is known as ransomware, which is a type of malware which can behave in two ways: it can completely block the computer or impede access to files by encoding them and making them inaccessible. Usually, the attackers demand the victim to pay a certain amount of money to receive a code to unblock the system, which is why they normally target companies as the chances of getting a big payment are higher.

In the chain of emails identified by the experts, the address corresponds to a Yahoo account and the attached document is compressed like a ZIP file. The emails also contain a short text with a greeting from the fake candidate in which they give their name (but never their surname) and notification of its delivery. Another characteristic of the email is the misspelling of words and grammatical errors.


The experts therefore advise that once the compressed file is opened, the malicious file will be seen in .html format, which should serve as a warning as these type of texts are usually sent in PDF or Word documents (although it is also advised against opening them in this format if you aren’t sure of their origin).

Once the receiver clicks to open the document, their search engine will open the address that appears in the code (just like clicking on a link). The fake link redirects the program to a page on the infected server where a sequence of links is played out until an .scr file is downloaded, an executable file of Windows that contains the ransomware.

The reason why these criminals have created these cyber-labyrinths lies in the security systems themselves. The antivirus solutions and anti-spam filters have made them design a method of attack that takes place over a series of stages so as to evade the system’s defenses. This should also serve as a warning – if your computer goes through different steps to open a simple CV, be suspicious.

In the event of this or any other type of ransomware infecting your computer, the first thing you should do is turn it off and disconnect it from the internet so that it can’t spread to the rest of your devices that share that connection. The malicious program might be eliminated but it’s likely that you won’t be able to get your information back, which is why it is highly recommended that you make copies of all of your confidential and important information. It’s best to save it onto a different device and, obviously, do it before suffering an attack.

As regards the ransom that the cybercriminals ask for, don’t think that this will be solved just by handing over the cash – these criminals aren’t known for sticking to their word and nothing can guarantee that they’ll give you the correct code. Anyway, even if they do, what’s to say they won’t try and infect your computer again in the future.