It’s being reported that malicious actors are increasing using phishing and malware campaigns to target job seekers in order to steal sensitive information. And it’s not just job seekers who are at risk; a large number of potential employers are also receiving malware-spreading emails from fake applicants.
Job seekers are apparently receiving emails from fake companies or recruitment agencies, asking them to reveal their personal information or other critical data. These emails look legitimate, but are designed to steal sensitive information such as passwords or financial data by directing victims to malicious URLs or tricking them into downloading malicious attachments.
Cybersecurity firm, Trellix, has noticed an increase in registration of new typo-squatted, or purposely misspelled, domains for popular jobs-related sites like LinkedIn, Indeed and others. So imagine you click on one of these links to a fake website called “Linkednn.com” and log in with your actual LinkedIn username and password—you end up giving the signin details of one of your most important accounts to cyber-criminals.
What’s more, a lot of people tend to recycle passwords; so threat actors can use these details to have a crack at their other accounts too. Another form of malware delivery to employers or hopeful job seekers is through attachments, as mentioned above. When a victim downloads the file in question, hackers gain access to their device and the data stored on it.
Employers are being increasingly targeted by emails from “job seekers” which deliver malware through attachments or URLs that are disguised as resumes or identification documents of the applicant. The intention of these attacks is not always to steal personal or proprietary information; sometimes they’re carried out with the intention of disrupting the target organization’s operations.
This kind of attack is becoming increasingly common as cybercriminals take advantage of the high volume of job applications that employers are receiving. Trellix researchers have found that over 70% of all job-themed cyberattacks were aimed towards the US. People in Japan, Ireland, the UK, Sweden, India and Germany and other countries are also being targeted.
The researchers have also observed attacks utilizing fake or stolen documents such as social security numbers and driver’s licenses to make job-themed emails appear more credible.
Emote, Cryxos Trojans, Nemucod and Agent Tesla are reportedly some of the malware families that have been deployed to target employers and job seekers.