Social Engineering Exploit Fools HR with Infected IT Resumes

job-search-1Proofpoint threat researchers recently detected a clever email-based attack that combines phishing and social engineering techniques in order to trick users into opening a malicious document. In this attack, the bad guys browse open positions listed on and attach infected Word resumes to IT job positions in engineering and finance with titles such as “web developer” “business analyst,” and “middleware developer.”

Issue is, when a resume is submitted, CareerBuilder automatically sends a notification email to the company that posted the ad, along with the resume attached to it. Careerbuilder helps deliver the malicious payload, which is likely to slip past defenses, because it is concealed inside an image.
When HR (or a recruiter) opens the email and next the attachment, the document tries to exploits a known vulnerability in Word to place a malicious binary on the user’s system. The binary then contacts a command and control server, which downloads and unzips a image file, which in turn drops a backdoor dubbed Sheldor on the victim’s computer, Proofpoint said in a blog post describing the attack.

It's a great way to use social engineer the victim because the employee in HR has basically asked for the resume to be sent. 

“Not only are they legitimate emails from a reputable service, but these emails are expected and even desired by the recipient,” the company said. And because of how resumes are typically circulated within an organization, there is a good chance the malicious attachment will be sent to hiring managers, interviewers, and other stakeholders within the company that posed the ad, the researchers said. 

What To Do About It

- I would strongly recommend that anyone who opens resumes from job boards only uses the Google Chrome browser VIEW option and DOES NOT download any actual documents.

- Deploy an automated resume parsing solution (there are a few) which will take the brunt of the malware threat as part of their service.

And obviously, step all employees through effective security awareness training. You'll be surprised how affordable this is.

Get A Quote Now


Related Pages: Social Engineering

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews