Proofpoint threat researchers recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious document. In this attack, the bad guys browse open positions listed on CareerBuilder.com and attach infected Word resumes to IT job positions in engineering and finance with titles such as “web developer” “business analyst,” and “middleware developer.”
It's a great way to use social engineer the victim because the employee in HR has basically asked for the resume to be sent.
“Not only are they legitimate emails from a reputable service, but these emails are expected and even desired by the recipient,” the company said. And because of how resumes are typically circulated within an organization, there is a good chance the malicious attachment will be sent to hiring managers, interviewers, and other stakeholders within the company that posed the ad, the researchers said.
What To Do About It
- I would strongly recommend that anyone who opens resumes from job boards only uses the Google Chrome browser VIEW option and DOES NOT download any actual documents.
- Deploy an automated resume parsing solution (there are a few) which will take the brunt of the malware threat as part of their service.
Related Pages: Social Engineering