Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Bogus Job Offers as Phishbait

    phishing-macboat

    A series of phishing campaigns are targeting companies in various industries with phony job offers using direct messages on LinkedIn, according to researchers at Proofpoint. The attacker initially makes contact by sending an invitation to the target on LinkedIn with a short message regarding a job opportunity.

    Within a week after the target accepts the invitation, the attacker will send a follow-up email with either a link or a PDF attachment that contains embedded URLs. These links take the target to a spoofed version of a real staffing service, which forces the download of either a Word document or a JScript loader. This document or loader will result in the installation of a JScript backdoor known as “More_eggs.”

    More_eggs can be used as a downloader for additional malware, but it also has substantial information-gathering capabilities. It’s previously been used by Cobalt Group, a threat actor that primarily goes after financial organizations, although the Proofpoint researchers don’t attribute this campaign to any specific group.

    They do, however, believe the actor behind this campaign may be the same one responsible for another phishing campaign revealed earlier this month by Brian Krebs, which targeted Bank Secrecy Act officers at a number of financial institutions.

    Despite differences in targeting and the malware used, that campaign used similar PDF attachments which, at one point, contained URLs hosted on the same domain as the one used in the phony jobs campaign.

    LinkedIn is one of the most popular platforms for phishing and spear phishing attacks, because users expect to receive unsolicited messages from people they don’t know. New-school security awareness training can teach your employees how to determine if a contact should be avoided and, above all, never to click on links or attachments unless they’re absolutely certain of their legitimacy.

    Proofpoint has the story: https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers

    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

    • home-KnowBe4-Phish-Alert-1Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user's inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

     

    Get Your Phish Alert Button

    Don't like to click on redirected links? Cut & Paste this link in your browser:

    https://www.knowbe4.com/free-phish-alert

     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews