In the wake of the great reset, cybercriminals are finding success posing as legitimate companies in job postings seeking new hires on well-known job sites.
This month, the FBI issued a warning about “security weaknesses” on job recruitment websites. These weaknesses come in the form of not validating the poster as actually belonging to the company they claimed. In one case, the FBI was made aware of a fake job posting actually placed on the companies official page on the recruitment website.
According to the warning notice, the work put into impersonating a company was more than just in name only:
“Fraudulent job listings include links and contact information that direct applicants to spoofed websites, email addresses, and phone numbers controlled by the scammers where the applicant's personal information can be stolen and then sold or used in additional scams. The logos, images, email addresses, and spoofed websites closely resemble the information of the legitimate company. In some cases, the scammers use the identities of actual company employees to increase the perceived authenticity of the job posts. They may continue to use those identities in their interactions with the job seekers during the fraudulent interview and hiring process.”
You’d think by now this kind of thing would be locked down. We saw this kind of blatant company impersonation on LinkedIn last year.
According to the FBI, the scammers would seek to steal personally identifiable information and also mention the average reported loss from this type of scam is around $3,000 per victim, indicating that banking and/or credit card information may be also involved.
This particular scam is also harmful to employers as well, as negative company reviews can result and harm the company’s reputation. And, given that employees do look for jobs at their current employer, and can be conned into opening a “job application” attachment in an email while on a corporate device, this same scam puts organizations at risk of cyberattack. We saw this back in 2019 with an ad placed on LinkedIn. It’s one of the reasons we’re so passionate about every employee going through Security Awareness Training. Until we see this kind of scam shut down, employers beware of potentially leaving employees.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
