PSA: Recruitment portals and job sites at risk

PSA: Recruitment portals and job sites at risk

Readers of Malwarebytes Labs aren’t new to the social engineering tactics of malcontents to get users to respond to fake job offers via email.

In 2014, we wrote about spam claiming to be from the recipient’s supposed work application to a “Career Services Department,” only to be redirected to a site where a potentially unwanted program (in the guise of a video player) was on standby for download. Then in 2016, we focused on a spam claiming to originate from someone in the NHS, the UK’s public health service provider, only to do a complete 180 by welcoming email respondents with a job offer to sell light fixtures.

As bizarre and downright obvious as the above examples are to some, they’re not for others. This is why we generally advise continuous education and security awareness in detecting red flags in all emails—and that includes from potential future employers. The same can be said to those in the business of recruitment and job search platforms.

Recruitment portals give bad guys access to vulnerable people

According to recent research from our friends at Flashpoint, threats targeting recruitment portals and job listing sites are on the rise. And the criminals aren’t just after job seekers’ personal information anymore. Flashpoint analysts have found that there is interest in the black market around compromised accounts belonging to job recruitment portals, whether they were from employees or from the businesses these platforms are working with.

Criminals prefer access to business accounts so they can create attractive fake job offers under the names of legitimate companies (which would be awfully difficult to avoid clicking on if you’re in the process of actively looking for a job). Not only can they phish unsuspecting users for their PII, but they can also drop other malware payloads via malicious links or attachments to compromise systems.

In addition, recruitment portals can inadvertently become a platform for recruiting individuals who would become money mules or part of other money laundering schemes without their knowledge. Unfortunately, children and young adults have already been exposed to this type of fraud by other means. Adding job recruitment sites to the list only sweetens the highly vulnerable pot.

Recruitment professionals are in the crosshairs, too

Employees of recruitment portals themselves can also fall victim to attacks. “Malicious documents in the guise of a PDF’d application can also slip past lax or non-existent scanning tools and target the recruitment portal directly, or enable an attacker access to data stored on the portal and expose applicants to identity theft,” wrote David Shear, Flashpoint analyst, in a blog post. Phishing campaigns could be highly effective against recruitment professionals, as they regularly receive an influx of email and attachments from unknown recipients

In an interview with Infosecurity Magazine, Shear said that criminals may likely gravitate toward enterprise business accounts from these portals as they are not only profitable but also allow for threat actors to remain undetected for long periods of time because of the inherent complexity of large organizations and poor communication.

Flashpoint has provided recommendations and mitigation steps in their blog post that recruiters must consider to address this problem.

Stay safe, everyone!