There’s yet another reason to not let your employees go looking for a new job on company time: cybercriminals are now leveraging recruitment sites.
According to risk intelligence vendor Flashpoint, the number of mentions of activity, the availability of compromised credentials, and the solicitation of accounts to list fake jobs has increased in recent months on the Dark Web.
Recruitment sites are rich with PII from those uploading resumes and personal details, making them a perfect target for data theft. But they also provide cybercriminals with another money-making angle: an unwitting mule.
Those looking for a new job are eager to follow whatever recruiting process is put before them and are usually willing to divulge material amounts of detail about themselves. So, there are a number of ways your users can unknowingly become participants in malicious activity by means of recruitment websites:
- They can be tricked into becoming money mules or participate in money laundering as part of a new phony job, such as a “merchandise handler” or “payment processor”.
- They can be the successful victims of malware infection or credential theft via fake PDF applications.
- They can become the involuntary accomplice in providing a cyber criminal access to your network.
Scams like this prey on the emotional engagement of the victim and their willingness to open emails, click on attachments, and follow links. The more reputable the recruitment site, the more likely the job seeker will become a victim.
You can effectively minimize the risk of these kinds of attacks by educating your employees with new-school security awareness training about the potential dangers of recruitment sites – and that they should be vigilant even when deciding to move onto a new position.
And, because job seeking can potentially breach the security of your network (by means of becoming the victim of a malware attack), you should also consider only giving HR the ability to surf to recruitment sites while on company devices.
We've got something really cool for you: the new Phishing Security Test v3.0!
Sending simulated phishing emails is a fun and an effective cybersecurity best practice to patch your last line of defense… your users.
Find out the Phish-prone percentage™ of your organization with our free updated Phishing Security Test that now includes our New Industry Benchmarking. See where you stack up! Industry Benchmarking enables you to compare your organization’s Phish-prone percentage with others in your industry.
Find out how you are doing compared to your peers and see the difference 12 months can make after using the integrated KnowBe4 Simulated Phishing and Security Awareness Training platform!
With Our Updated Phishing Security Test:
- You can customize the phishing test based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Start phishing your users now. Fill out the form, and get started immediately. There is no cost.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: