Phishing Campaign Impersonates Palo Alto Networks Recruiters

KnowBe4 Team | Apr 9, 2026

Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.

“The specific attack vector uses social engineering to manufacture a bureaucratic barrier regarding the candidate’s curriculum vitae (CV) and push the candidate toward taking actions such as reformatting their resumes for a fee.... The attacker's technique involves falsely claiming that a candidate's resume failed to meet the applicant tracking system (ATS) requirements. The ATS is an online tool designed to analyze resumes for proper formatting, structure, and keyword optimization, ensuring they pass automated filters before reaching human recruiters.”

The social engineering attacks involve manufacturing a crisis in the recruitment process, which “increases the urgency and willingness of the victim to comply” with the attacker’s request. The fake recruiter refers the victim to a “CV expert” who will supposedly improve the resume to meet the company’s standards for a fee of several hundred dollars.

Unit 42 outlines the following advice to help users avoid falling for these scams:

  • “Verify the sender's domain: Always check the suffix of the sender's email address. Scammers often use look-alike domains (e.g., @paloaltonetworks-careers[.]com instead of @paloaltonetworks.com).
  • Request an official platform: If a recruiter contacts you on LinkedIn, ask to continue the conversation via an official corporate email or the company’s internal applicant portal.
  • Zero-payment policy: Treat any request for payment during the recruitment process as an immediate red flag. Legitimate employers invest in talent; they don't charge them.
  • Cross-reference the recruiter: Search for the individual on the official company website or LinkedIn. If their profile seems new, has very few connections, or lacks a history at the company, proceed with extreme caution.
  • Avoid suspicious attachments: Never download or open files with names like ATS diagnostic reports or Resume templates from an unverified source, as these often contain malware designed to compromise your device.”
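
The first check in the list above can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not code from Unit 42 or KnowBe4; it assumes the allow-list holds only the domain named in the advice, treats subdomains of it as official, uses an edit-distance threshold of 2, and runs on constructed sample senders.

```python
from email.utils import parseaddr

# Assumption: the one legitimate domain is the one named in the advice above.
OFFICIAL_DOMAINS = {"paloaltonetworks.com"}
MAX_TYPO_DISTANCE = 2  # assumption: tune to the length of the brand name

def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or None."""
    # Undo defanging such as "[.]" before parsing the address.
    _, addr = parseaddr(from_header.replace("[.]", "."))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].strip().lower().rstrip(".") or None

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Classify a sender as official, lookalike, unrelated or unparseable."""
    domain = sender_domain(from_header)
    if domain is None:
        return "unparseable"
    # Exact match or a true subdomain; a suffix test without the leading dot
    # would wrongly accept "evilpaloaltonetworks.com".
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    for label in domain.split("."):
        # Brand embedded in a label, or a label that is a near-miss spelling.
        if any(b in label or edit_distance(label, b) <= MAX_TYPO_DISTANCE for b in brands):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample senders, not taken from the campaign.
    for sample in ('"Talent Team" <jane@paloaltonetworks-careers[.]com>',
                   "jane@paloaltonetworks.com",
                   "jane@paloaltonetworks.com.hr-portal.example"):
        print(f"{classify_sender(sample):12} {sample}")
```

A "lookalike" verdict is a reason to quarantine or escalate, and an "unrelated" verdict still says nothing about whether the sender is a genuine recruiter.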

Unit 42 has the story.

FAQs

Why has there been a sudden surge in phishing attacks in the Gulf region?

Cybercriminals are exploiting the fear and uncertainty surrounding the conflict in Iran and the wider Middle East. Following the US-Israeli strikes on February 28th, researchers observed a 130% spike in malicious emails. Attackers are using the regional instability and shipping disruptions as "social engineering" lures to trick people into acting quickly without thinking.

What kind of email lures are attackers currently using?

While the attacks are linked to the geopolitical situation, the emails often look like standard business communications. Common lures include fake invoices, contracts, banking documents, and delivery notifications. These are designed to exploit business disruptions and pressure employees into opening attachments or clicking links to "resolve" urgent issues.

What are the best practices for defending against social engineering tactics?

To defend against sophisticated social engineering campaigns, you should treat all unexpected business emails—especially those containing .zip, .rar, or .hta attachments—with high suspicion. Always hover over links to inspect the true destination before clicking, and never let "urgent" language pressure you into bypassing security protocols. Most importantly, verify any financial or legal request through a secondary, trusted channel, such as a known phone number or official company portal, rather than replying to the email.

Topics: Phishing, Cybercrime