Recently, attackers have formulated fake sexual harassment complaints that appear to come from the U.S. Equal Employment Opportunity Commission to disperse TrickBot malware, which targets financial data and acts to deploy other malware. This spearphishing campaign utilizes social engineering tactics to convince targets into exposing sensitive information.

The customized phishing emails are highly convincing, often using the target’s name and company position within the email to attain false credibility. In August, a variant of TrickBot Trojan attacked Verizon, T-Mobile, and Sprint users as well as the online word processor Google Docs. This new phishing campaign includes an evolved TrickBot with advanced banking information malware and Windows Defender circumventing capabilities. TrickBot’s adaptive nature makes it hard to defend against, and the fake sexual harassment phishing campaign scares employees into handing information over to attackers.

Read More: TrickBot Malware Uses Fake Sexual Harassment Complaints as Bait