Scam Targeting Freelancers a Reminder: Handle Email with Care
Over the years, I’m sure you’ve heard the warnings from IT people more times than you can count: Don’t open email attachments sent by people/accounts with which you aren’t familiar.
As a recent email-delivered malware scam uncovered by the Malware Hunter Team demonstrates, users must be just as skeptical of messages sent by third parties, even if there appears to be a valid reason for the contact to take place – like negotiating the terms of freelance work with someone who contacts you through a platform like Fiverr or Freelancer.com.
A tweet sent out Friday by the Malware Hunter Team briefly relates the story of a freelancer on Fiverr who contracted malware by opening an attachment from a purported potential client.
Saw an NG actor using @fiverr to spread.
And in this case, the poor girl opened the doc…
People, if you are opening files from random people, at least have an AV installed. And of course, don't enable macros… pic.twitter.com/nfC3ahmMUj
— MalwareHunterTeam (@malwrhunterteam) September 21, 2018
In this case, the person behind the malware scam took the time to increase the verisimilitude of the offer, contacting multiple freelancers and replying to messages from targets who said something was wrong with the attachment. The Malware Hunter Team then noticed the same scam was playing out on Freelancer.com, as well.
Not only on Fiverr, but on @freelancer too.
Example: pic.twitter.com/BxoPUmryMU
— MalwareHunterTeam (@malwrhunterteam) September 21, 2018
While this attack can be defeated by keeping your antivirus software up to date and disabling macros, what made it so pernicious was the context in which it took place. Freelancers who use platforms like Fiverr are accustomed to communicating with prospective clients via email.
There may be no personal basis for a freelancer to “trust” the sender of an email which purports to involve a job offer, but the normalcy of communicating with clients via email can cause the recipient to lower their guard. They’re looking for work and the sender is promising such work; why wouldn’t they want to read the details of the offer?
The exploit at issue here seems limited in both its sophistication and scope, but it’s still a good reminder to always practice good security with respect to emailed communications. While in this case the scam is targeting freelancers, it should be instructive for prospective employers/clients who use platforms like Fiverr and Freelancer.com, as well. After all, the scam could be just as easily turned on its head, with a scammer pretending to be a designer or coder, who offers a work sample as an attachment.
The bottom line, as ever, remains the same: Keep your antivirus software up to date, exercise caution when opening attachments – and let the buyer and seller beware.
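To make the macro advice above concrete, here is an added example (not from the original article or from MalwareHunterTeam): Python that inspects an attachment's bytes, rather than its file extension, to see whether it can carry VBA macros before anyone opens it in Office. The function name, the result labels and the sample files are assumptions constructed for this illustration.

```python
import io
import zipfile

# Magic bytes of the OLE2 compound file used by legacy .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def triage_attachment(data: bytes) -> str:
    """Classify an attachment by macro capability without opening it in Office."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats can embed VBA; confirming it needs an OLE
        # parser, so treat every such file as macro-capable.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an OOXML package
    # In OOXML files the VBA project is stored as a part named vbaProject.bin,
    # whatever extension the sender gave the file.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macros"
    return "ooxml-no-vba"


def build_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-like ZIP in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: placeholder contents, no real document or macro code.
PLAIN_DOCX = build_sample({"[Content_Types].xml": "<Types/>",
                           "word/document.xml": "<document/>"})
MACRO_DOC = build_sample({"[Content_Types].xml": "<Types/>",
                          "word/document.xml": "<document/>",
                          "word/vbaProject.bin": b"constructed placeholder"})
LEGACY_DOC = OLE_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for label, blob in [("job_offer.docx", PLAIN_DOCX),
                        ("job_details.docx", MACRO_DOC),
                        ("brief.doc", LEGACY_DOC)]:
        print(label, "->", triage_attachment(blob))
```

A result of `ooxml-no-vba` only means no VBA project is present; it does not make the file safe, so antivirus scanning and the rest of the article's advice still apply.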