Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Social Engineering Exploit Fools HR with Infected IT Resumes

    job-search-1Proofpoint threat researchers recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious document. In this attack, the bad guys browse open positions listed on CareerBuilder.com and attach infected Word resumes to IT job positions in engineering and finance with titles such as “web developer” “business analyst,” and “middleware developer.”

    Issue is, when a resume is submitted, CareerBuilder automatically sends a notification email to the company that posted the ad, along with the resume attached to it. Careerbuilder helps deliver the malicious payload, which is likely to slip past defenses, because it is concealed inside an image.
     
    When HR (or a recruiter) opens the email and next the attachment, the document tries to exploits a known vulnerability in Word to place a malicious binary on the user’s system. The binary then contacts a command and control server, which downloads and unzips a image file, which in turn drops a backdoor dubbed Sheldor on the victim’s computer, Proofpoint said in a blog post describing the attack.

    It's a great way to use social engineer the victim because the employee in HR has basically asked for the resume to be sent. 

    “Not only are they legitimate emails from a reputable service, but these emails are expected and even desired by the recipient,” the company said. And because of how resumes are typically circulated within an organization, there is a good chance the malicious attachment will be sent to hiring managers, interviewers, and other stakeholders within the company that posed the ad, the researchers said. 

    What To Do About It

    - I would strongly recommend that anyone who opens resumes from job boards only uses the Google Chrome browser VIEW option and DOES NOT download any actual documents.

    - Deploy an automated resume parsing solution (there are a few) which will take the brunt of the malware threat as part of their service.

    And obviously, step all employees through effective security awareness training. You'll be surprised how affordable this is.

    Get A Quote Now

     

    Related Pages: Social Engineering

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews