Phishing emails disguised as sexual harassment complaints being sent by the federal agency US Equal Employment Opportunity Commission (EEOC) are being used to deliver the TrickBot banking Trojan.

The recipient, usually unsuspecting employees at large enterprises, receive an email from EEOC, the agency in charge of workplace discrimination. This phishing email contains a malicious attachment that the recipient is prompted to download. Once this malicious attachment is downloaded, the TrickBot trojan is dropped and the victim’s computer is infected.

“Personal Touch” Used To Persuade Recipient to Download Malicious Attachment

Cybercriminals use personal information collected from public profiles of social media platforms, such as LinkedIn, Twitter, Facebook, and information from other leaks to make each phishing email targeted. For example, the email will contain a target’s:

  • name
  • the company they work for
  • job titles
  • phone numbers 

Customizing a phishing email has shown to greatly increase chance that the recipient downloads the malicious attachment. Below is an example of the email from EEOC, the agency in charge of workplace discrimination.

Targeted Attacks The New Norm

Nearly all successful cyberattacks include a social engineering component that customizes phishing emails in order to make them more convincing. The effectiveness of a phishing campaign significantly increases when emails include information on each recipient.

Defense technologies like anti-virus and firewalls are helpless against phishing emails because they are not able to eliminate human error. In other words, these defense solutions cannot stop a user from downloading the malicious file.

Content Disarm Technology (CDR) is an effective tool against phishing emails because it ensures that all files are clean before entering a system. Even if a recipient is deceived by the phishing email, when they click to download the malicious attachment, CDR technology will detect, disarm and clean the file before it is opened. In the case of EEOC sexual harassment emails, CDR technology would be able to detect the malicious file containing TrickBot trojan before it harms the recipient.