New research found that cyber-criminals are using social engineering tactics to trick job seekers into replying to phony listings. According to a 7 June Flashpoint research blog, threats to job listing sites and recruitment portals are on the rise in the deep and dark webs.
Attackers target job listings and recruitment portals because they are ripe with all sorts of personal information. In addition to uploading resumes and cover letters – which include the obvious details of name, address, phone number, and email address – job seekers often are asked to provide additional personal information, such as their race and veteran status. Some online job applications also ask whether applicants have a disability or require a work-visa status.
Analyst David Shear, who researches cybercrime communities, actors and threats, found that cyber-criminals are looking to do more than steal personally identifiable information. When the unsuspecting job seekers reply to phony job listings, they are inadvertently recruited as money mules or lured into money laundering operations.
Recruitment portals also become direct targets when attackers send malicious "job applications" documents – usually a PDF attachment. If the documents are able to slip through weak or nonexistent scanning tools, they can grant an attacker access to data stored on the portal, leaving applicants vulnerable to identity theft.
Noting a marginal increase in the number of mentions on deep and dark web forums related to such activity around recruitment portals, Flashpoint analysts found that many of the mentions involve "advertisements for the availability of compromised accounts, or criminals soliciting business accounts in order to list jobs on the platforms."
"Attackers want access to business accounts in order to leverage their phony job listings and recruit people who would ultimately participate in fraud without their knowledge," Shear wrote. Drafting these unwitting mules is a tactic that is growing in prominence on job recruitment portals.
Phishing campaigns have proven widely successful for the criminals, who target recruitment professionals rather than the recruitment portals.
According to Shear, one interesting nuance about the recruitment fraud schemes, is that enterprise organizations are at higher risk for targeting than small to mid size organizations.
"Not only is there more financial benefit to targeting enterprises, but threat actors can actually remain undetected for longer due to the complexity of large scale organizations and lack of communications between different locations of most of these enterprises," said Shear in an email.