Introduction
Millions of people around the world are on the hunt for a new job right now. Whether it’s a complete career change or a new position in their same area of expertise, it’s estimated that a significant portion of the global workforce is actively seeking new opportunities at any given time.
This includes those who are unemployed, underemployed, or looking to change fields entirely!
In today’s digital age, job seekers and recruiters are prime targets for cybercriminals. For hiring teams, the valuable personal and organizational data under their care makes them attractive targets. For people on the hunt for new employment, eagerness can lead them to submit their private information to potential companies. If a bad actor posing as a hiring committee goes so far as to conduct fake interviews and even offer you the nonexistent role, then they can request highly personal information like your financials and Social Security Number!
So whether you’re looking for a new job, or looking for a new candidate, everyone needs to know how threat actors are impacting both sides of the job market. Here’s how both parties can stay safe during their employment search and recruitment processes!
How Job Seekers Are Targeted
Cybercriminals send fake job offers or application forms to job seekers, tricking them into providing personal information or downloading malware. Fraudulent job postings can even appear on legitimate job boards or social media platforms, which adds to the false sense of validity.
They can also target a specific candidate or demographic by gathering information from social media profiles. Learning more about you as a target allows these spear-phishers to craft highly personalized and convincing “recruitment” emails. Just like any other genre of phishing scheme, it’s important to recognize, avoid and report odd messages and suspicious users.
Remember, real job postings will…
- come from professional email addresses and domains.
- contain well-written, error-free messages.
- never ask for payment for applications, training, or background checks.
- include detailed job descriptions and requirements.
- have consistent branding and logos that match the company’s official materials.
- provide verifiable contact information, including a company website and phone number.
- conduct interviews, either in person or virtually, before making an offer.
- be backed by reviews and a professional website where you can find information about the company online.
- not ask for sensitive personal information (like your Social Security number or bank details) early in the hiring process.
You can also make use of resources, like the Better Business Bureau or online scam databases, to verify the legitimacy of the job offer.
Remember to research companies before you apply or accept any offers!
How Recruiters Are Targeted
Threat actors also plague hiring committees, because they represent the trove of company information that is usually shielded behind a robust professional network. It’s a rare opportunity for the public to interact directly with a high-clearance individual.
Exploiting this opening, cybercriminals will send resumes with embedded malware, so that when recruiters open these documents, their systems get compromised. The bad actor can then attempt to break further into the network. This is just one example of why network segmentation is an important aspect of your professional cybersecurity strategy; network segmentation essentially means keeping different parts of the company systems apart from each other. If one part gets sabotaged, the rest of the data remains untouched.
When going after job recruiters, phishers reverse the scheme that they use on job seekers. Here’s how you can protect yourself and your company while searching for your next candidate!
- Post job openings on verified and reputable job boards to reduce the risk of encountering fraudulent applications.
- Always verify the authenticity of candidate information through multiple sources.
- Communicate through secure, encrypted and official channels and avoid using personal email addresses.
- Be cautious of unsolicited applications, especially those with attachments or links. If you posted on LinkedIn, for example, then they shouldn’t be contacting you directly.
- Look out for red flags such as poor grammar, urgent requests, or inconsistencies in the candidate’s information. (These are bad qualities in a candidate, anyway!)
- Perform thorough background checks on candidates before proceeding with the hiring process.
- As a recruiter, take your training seriously as you learn to recognize phishing attempts and malicious attachments.
- Report any suspicious activity to the relevant authorities and job platforms.
- Keep up-to-date with the latest phishing scams and cybersecurity best practices to protect your organization.
Let’s briefly consider a real cyber-threat targeting job recruitment teams, to demonstrate why our vigilance is tied in with our cyber-safety: The FIN6 Cybercrime Group has been known to target recruiters by sending seemingly legitimate job applications containing malicious URLs or attachments. Once these are opened, the attackers gain control over the targeted systems.
Very real scenarios like these can threaten your systems and all the data on them!
How You Can Stay Safe
No matter which side of the hiring process you’re on, it’s important to maintain up-to-date security software to detect and block malware on all of the devices you use to communicate.
By staying vigilant and adopting these security practices, both job seekers and recruiters can significantly reduce the risk of falling victim to any cybercrime that comes their way.