In response to the recent increase in teleworking during the COVID-19 pandemic, cyber criminals are targeting teleworking employees with fraudulent termination phishing email and video conferencing meeting invites. Employees who are alarmed may not look at the sending email address and see that it does not come from Cooper. The emails entice victims to click on malicious links pretending to provide more information or online conferences pertaining to the victim’s termination or severance packages.
In one instance, the FBI learned employees from a data security company received fraudulent emails that stated the company was terminating the recipient’s employment. The message contained subject lines such as, “Termination Review Meeting.” The email cites the COVID-19 pandemic as the reason for downsizing, provides instructions on how to process out of the company, and directs the employee to click a “hotlink” to receive termination benefits. Employees that clicked on the link received a black screen.
In a second instance, the FBI determined attackers sent meeting notifications asking recipients to join a video conference about their purported terminations. The email contained fake video conference invitations such as “Join this Live Meeting.” The employees who fell victim to this attack had login credentials compromised.
Should you receive a “termination” email purportedly coming from Cooper, please do not click any links in the email. Cooper HR and management will never send an email informing you of your termination. Please immediately contact the Help Desk, forward the email to firstname.lastname@example.org, and then delete the email from your inbox.
Source: FBI Privacy Industry Notification 20200521-003