Law firms and other sophisticated employers are the target of a new e-mail threat. Two weeks ago, the EEOC reported that they have begun to receive complaints from HR Departments about emails that include the EEOC logo with the subject line “Employer Liability for Harassment.” The emails show a legitimate “From” address of the U.S. Equal Employment Opportunity Commission and reads in part:

“This is an automated e-mail that confirms the registration of harassment complaint #_____. This harassment complaint can lead to law enforcement action. You can download and print a copy of this complaint to keep for your personal records here______. Our staff will keep you updated regarding the status of our investigation…To check the status of your complaint access:_______”

By downloading the “complaint” the recipient plants a Trojan Horse virus. The emails are specifically targeted to HR staff members, typically at a level below the Director or CHRO. Firms receiving this email should contact the U.S. Computer Emergency Readiness Team (U.S. Cert), the agency responsible for coordinating computer threats involving federal agencies.

This is similar to a virus earlier this year being circulated by bogus emails claiming to come from the IRS. This difference is that the EEOC email is designed to attack enterprise applications.