dexco1
Member

Phishing Scam hidden in Excel attachment

Today is the second time in the last 2 months that an attachment to a job interview has had malicious code in it.

 

Here is the interview and the job posting:

**Edited for Community Guidelines**.

 

The job is not open to any messaging or applications, interview only, but has sent out 200 interviews and then withdrawn them all.

 

Interviewees can still download the attached excel sheet which has a bunch of German general writing in tab one. The VBA is locked with a password.

 

This vba code is likely similar to an excel sheet that I downloaded from a potential client earlier this summer. That code phished email logins and passwords from various websites. Banks, credit cards, gmail etc.

 

Be on the lookout for locked VBA in excel attachments.

 

Upwork is not scanning these to a proper level of security.

 

Be very very careful with Upwork attachments.

 

Mark

3 REPLIES 3
kochubei_valeria
Community Manager
Community Manager

Hi Mark,

 

Thank you for reporting. I'll make sure actions are taken against the job posting and the related client's account as soon as possible. We are also working on ways to prevent such files from reaching the marketplace.

~ Valeria
Upwork

Thank you for informing us, this is a serious concern. I really hope Upwork will take the necessary measures. Smiley Frustrated

Followup:

 

I received this email today from Upwork and it has a lot of good general antivirus information:

 

____________________________

 

Alice (Upwork Help Center)
Oct 17, 3:49 PM EDT

Hi Mark,

Unfortunately, we believe your computer may be infected with a virus. This notice applies to you if the following is true:

You recently opened a .xls (Excel) file which was related to a job opening that you applied to or were invited to apply to and the file was named “accs.xls”
The file asked you to enable macros (or you already had macros enabled)
You enabled macros

 

Unfortunately, we’ve determined that the job opening was posted for the purposes of spreading malware, and the file is malicious.

 

If you took the above steps, please run a full antivirus scan using one of the following recommended options:

 

Avast Free Antivirus (free) — http://www.avast.com
Bitdefender Antivirus Plus 2016 (paid) — http://www.bitdefender.com/solutions/antivirus.html
Kaspersky Anti-Virus (paid) — http://www.kaspersky.com/anti-virus
ESET NOD32 Antivirus (paid) — http://www.eset.com/int/home/products/antivirus

 

If you need further assistance with virus, malware, or spyware removal, you may visit the Geeks to Go forums for free technical support (please note that Upwork is not affiliated in any way with Geeks to Go and we are not responsible for the content of their website):

http://www.geekstogo.com/forum/topic/2852-malware-and-spyware-cleaning-guide

 

If you need additional support, we recommend hiring a professional computer technician for spyware and virus removal.

 

After verifying that your computer is free of malware, please ensure the security of your online accounts (especially your Upwork and email accounts) by updating your current passwords and security questions.

 

For your safety, routine antivirus scans should be performed on any devices used to access your account. Never run exe or other suspicious files sent to you by users you do not know or trust; even if a trusted individual sends you an exe or other suspicious file, you should verify its safety before running it. You may upload exe and other files smaller than 64MB to http://www.virustotal.com to have them scanned by 50+ antivirus programs.

 

If you have any questions, please reply to this notification and we'll be happy to help. Please stay safe!

 

Regards,

Upwork Account Security