A promising potential new job is just the hook cybercriminals need to get users to drop their guard and be willing to click links, open attachments, and even enable macros. And the need for filling out applications, the sending of resumes, and the need for documents all as part of a hiring process is the perfect place to hide malicious content.
In some cases, it’s your users that may be actively looking for a job; in other cases, it’s “recruiters” that want to connect, inform them of a potential position, and take the scam from there. In either case, it spells bad news for your organization, as the vast majority of your users are happy to go job hunting while on your corporate network.
It’s fitting that this news of plenty of jobs over at LinkedIn comes during October, which is National Cyber Security Awareness Month, as the potential for thousands of scams and cyberattacks is huge.
Despite the awkward aspect of informing users of the dangers of LinkedIn, it’s a necessary step to ensure the security of your environment. Educating them on how these scams work will help to reduce the risk of attack. Users that have already been through continual Security Awareness Training should have the right security mindset to avoid becoming a victim, despite the distracting sense of urgency that a potentially more exciting and better paying “job” can create, giving attackers an upper hand.