For employees across the globe, the possibility of losing one’s job is a deeply unsettling fear. In an increasingly uncertain economic climate, news of layoffs can cause anxiety even among high-performing professionals.
Cybercriminals are now exploiting this fear as a new tactic to spread malware, using deception and psychological pressure to trick unsuspecting employees into compromising their systems.
According to researchers at the AhnLab Security Intelligence Center (ASEC), hackers have launched a malicious campaign that targets employees by impersonating company executives or human resources personnel. The attackers send phishing emails that appear highly convincing, often claiming to contain performance evaluations or internal reports. These emails typically warn recipients that their job may be at risk and that termination could occur within one or two weeks unless immediate action is taken.
In reality, these alarming messages are part of a carefully planned scam designed to distribute malicious software. Once the malware is installed, attackers can gain unauthorized access to the victim’s computer or corporate network. The compromised system may then be used to steal sensitive data, monitor activity, or execute commands remotely, depending on the attacker’s objectives.
The method used in this campaign is relatively simple but effective. Hackers send a phishing email that closely mimics official workplace communication. The email often claims to come from HR or senior management and asks the employee to review or explain a work performance report, such as an “October 2025 performance evaluation.” To make the request seem legitimate, the email includes a Google Drive link, which appears trustworthy at first glance.
When the victim clicks the link, they are prompted to download a document that supposedly contains feedback, instructions, or corrective steps required to retain their job or secure pending payments. However, the file is embedded with malware. Once opened, the malicious code is executed, allowing hackers to infiltrate the system without the user’s knowledge.
Security experts warn employees to remain cautious, especially when emails use fear, urgency, or threats to prompt quick action. Organizations are advised to strengthen employee awareness through regular cybersecurity training and to implement email filtering systems that can detect phishing attempts. As cybercriminals continue to evolve their tactics, vigilance remains the most effective defense against such emotionally driven cyberattacks.
