Perhaps the biggest surprise is that this is only now becoming a growing threat. From the cyber-criminal’s point of view, it’s low-hanging fruit: job seekers expect to be asked for all types of personal information when applying for positions.
As long as the criminals take the time to make their offers appear legitimate, most applicants wouldn’t think twice about sending in their resume (complete with physical address and phone number), and then, a bit later in the process, their social security number and other personal and confidential information.
According to Flashpoint analyst David Shear, however, it’s not just personal information the criminals are after. Increasingly, criminals are seeking to engage the services of the people who “apply,” using them as unwitting money mules or as part of an intricate money laundering scheme.
On top of that, it’s all too easy for the criminal to respond to an applicant’s inquiry with an email containing an attachment (usually a poisoned PDF). Since the applicant believes they have replied to a legitimate offer of employment, odds are excellent that they’ll open the attachment without hesitation.
At that point, whatever payload the poisoned file contained is installed onto their computer, which can have devastating consequences, depending on the nature of the malware the criminals want to install.
Shear also notes that he and his team have seen an increase in the number of inquiries on the Dark Web asking after compromised business accounts, and offers this explanation as to why: “Attackers want access to business accounts in order to leverage their phony job listings and recruit people who would ultimately participate in fraud without their knowledge.”
All that to say, job seekers beware. It seems that no low is too low where these criminals are concerned.