Threat Alert: Phishing Lures Abuse Hays Recruitment Brand to Distribute Malware

• Cybercriminals are launching phishing attacks using job referral themes and abusing the Hays Recruitment brand.
• The phishing lures contain an embedded “Download Documents” button with a hidden URL.
• Following the URL leads to a Hays Recruitment-branded page with a countdown clock warning that the document will soon be unavailable. 
• Visitors are encouraged to solve a CAPTCHA, likely to increase the page’s perceived legitimacy, and then download a document that leads to the installation of malware. 

Key Action: Report Suspicious Emails 

• Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well- known organizations.
• Remember cybercriminals take advantage of a false sense of urgency. A countdown timer on a webpage warning a resource will soon be unavailable is intended to produce panic in a recipient.
• Report ANY suspicious emails using the Phish Alarm button.