Select Page

Anyone who is looking for a new career opportunity should keep in mind that the online employment landscape has become quite fertile ground for social engineering and phishing attacks. Bad actors use job sites as well as emails to impersonate hiring organizations and lure unsuspecting job seekers into their profitable cons throughout the year. These scams become even more widespread during the summer and at the end of the year when job seekers are most active.

Organizations also need to be aware of these threats since the reality is that if your employees are looking for a new job, they are likely doing so during weekday working hours. And the goal of scam is not only to obtain personally identifiable information (PII) from jobseekers, but also harvest credentials and install malware that could lead to a corporate breach.  According to ApplicantPro:

“Contrary to popular belief, most job boards (company careers sites) generate more job seeker traffic during weekdays than they do on the weekends…”

“Of course this may vary based on industry, but after looking at traffic data from job boards, as well as from hundreds of client careers sites, the average weekday sees as many as 2 to 4 times the job seekers of Saturday or Sunday.

To get even more specific, a high percentage of people are actually looking for work during the middle of the day, in other words, when they are supposed to be working.”

With all of this in mind, here are some of the many different variations of phishing employment scams jobseekers and organization can expect their employees to encounter.

Social media is a very popular attack vector for bogus job offers. Many URL shorteners (bit.ly or ow.ly) can help scammers mask malicious phishing sites that can be used to gather personal data. This might be credit card data for signing up to a fake job site, or other sensitive data.

Fake jobs from legitimate employers. As the Job Hunt article states:

“…job posting or the website claim to be a real employer, perhaps from a well-known company like Google or Apple or often from less well-known names. But, although the employer name is legitimate, the jobs are NOT legitimate because they not actually from that employer. In this scam, the real employer doesn’t have anything to do with the posting. This scam abuses a legitimate employer’s identity. I call this “corporate identity theft.” because the scammers have “stolen” a real company’s identity to use in this scam. The scammers are advertising bogus jobs that are completely unrelated to the legitimate employer named in the posting or on the site.”

Bogus jobs on legitimate job boards. It could be Indeed, Monster, CareerBuilder, you name it. While the job board has a good reputation, it can’t possibly police all paying job posters. The cost to post a job is not that steep and an unsuspecting job seeker can easily stumble onto a phishing site that gathers personal data.

Emails which claim to offer available jobs while soliciting PII or redirecting recipients to a fraudulent site. Here’s a recent example of an email job offer.

Phishing email

While many people may have phishing awareness training that would help them recognize the unusual subject line, misuse of the English language, the fact that HotJobs no longer exists, and maybe the “too good to be true” nature of an adaptable schedule, full benefits, and decent salary, not everyone can easily spot a scam. This is very similar employment scam to one that defrauded a gentleman to the tune of over $35,000. You can read that poor man’s story at this CBS News article. Bottom line: he fell victim to a very sophisticated employment scam; scams that have become popular with threat actors today.

If your employees are using the corporate network as a launching point for career change, they are opening the organization (and themselves) to potential phishing sites and links that can cause damage. SlashNext Real-Time Phishing Threat Intelligence identifies live zero-hour threats such as these in real-time and allows organizations to respond in real-time with automated blocking through their firewall.

You can check this technology out yourself. Contact us to learn more or try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.