A logo for soteria technology solutions with a spartan helmet

Scam of the Month: Fake Applicants, fake jobs: a two-sided coin

Erin Patten • June 12, 2024

Scam of the Month

A favorite feature of our Monthly Newsletter, now on the Blog!

Curious about the Newsletter?

Once a month, you get an email with this and other great News you can Use, handwritten by Actual People! Like Me!

Sign me up!

Malware disguised as resumés, applicant pools filled with bots, fake job offers that serve malware, or steal personal information...

It's rough out there, for HR and job hunters alike.


I read this article from Hacker News today, about a phishing attack that was recently uncovered, although scams like it have been around for years.  In this scam, the threat actors apply for jobs and send a link to download a resumé, which will also download a bunch of malware.


This sort of scam has a flip side, too:  as I was writing this blog, a story broke about a new Windows malware named 'Warmcookie', which is distributed through personalized emails containing fake job offers. Clicking the email leads to a legitimate-looking landing page, where you are asked to download the job description. Unfortunately, clicking that will download Warmcookie insted.  Warmcookie installs a backdoor into infected machines, "capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads."  intended to surveil and breach corporate networks. Unfortunately, this isn't an exactly new idea, either: in 2023, a long-running campaign by a North Korean threat group was discovered, called "Operation Dream Job" that targeted defense and nuclear engineers with fake job opportunities, but beginning the " job interview" would download a payload of malware instead. 


It got me thinking about all the other instances I've seen recently of job related scams - (there's so many variants, I might need to make this a whole series of blog posts!) and it almost makes you wonder how anyone is actually getting hired at all.


Thankfully, none of them are as terrifying as this report, of thousands of people being lured to Southeast Asia with the promise of jobs, only to be kidnapped, trafficked, tortured, and forced into running online scams in inhuman labor camps.


So what is the takeaway?  How do we protect ourselves and our companies?

  • If a job offer comes seemingly out of the blue, or a new job posting seems too good to be true, it probably is.  If you think it is legitimate, do your due diligence and thoroughly investigate the company and the people hiring before replying to the offer or post.
  • On the HR side, never go to someone's webpage to download their resumé. Ask applicants to submit a resumé to you, and be very careful about what file types you accept.  One way to filter it automatically would be to accept resumés through an online file uploader, set to only accept txt, docx, and pdf files.
  • If you suspect you are the victim of a scam, report it! Report it to your local police, and the FBI's Internet Crime Complaint Center (IC3) at: https://www.ic3.gov/Home/ComplaintChoice




This post is 100% written by a real person, who has read all of the articles referenced within.

This post, like all our posts, is 100% written by a human.

Share this Post

A woman hides her face behind a library book
December 10, 2024
A rare win this month, these scammers are in trouble.
a book with fanned pages and blurry background
By Erin Patten November 20, 2024
Revisiting the Ghost Books Scam - with real-world consequences.
The insightly podcast logo
November 1, 2024
Tariq talks all things cybersecurity with the podcast hosts Alyssa and Jordan.
the silhouette of a woman's face is covered with a projection of green computer code
September 30, 2024
A freely accessible database containing full background data for about a third of all Americans was just uncovered on the internet.
A new two-story home with a soft pink and blue sunset in the background.
August 28, 2024
Real Estate scams and wire fraud costs Americans hundreds of millions of dollars every year. One victim shares her story.
A 19th century engraving of three rough and hungry looking children searching for potatoes.
July 24, 2024
A look at what insights history can offer us about how things like this happen.
A closeup photo of a boxer's shoulders and arms. They are wearing black boxing gloves.
By Erin Patten July 8, 2024
Gigantic password leaks keep rolling in; and they keep getting bigger. How can you keep your accounts safe?
A screenshot from KSN Channel 3, of a newscaster speaking in front of a screen showing computer code
June 24, 2024
Cyberattacks have led to an outage in the software car dealerships across North America use to run their operations - making dealerships rely on pen and paper again, and putting untold amounts of personal data at risk.
A robot hand explores a blue imagined universe of connected webs of dots
By Erin Patten June 17, 2024
Researchers recently proved that GPT-4 can find and exploit unknown security weaknesses - by itself. It's a whole new world for cybersecurity.
More Posts
Share by: