Recruiters warned: Threat actors are now posing as job candidates

Reports underscore need for security training, even for HR leaders

Recruiters warned: Threat actors are now posing as job candidates

Hiring managers are advised to be "hyper-vigilant" of cyberthreats following reports of threat actors using fake resumes to gain access to sensitive company information.

Cybersecurity firm eSentire recently reported that it detected and blocked an attempted malware campaign against a firm in the industrial services industry.

The threat actor posed as a potential job candidate on a job listing platform and provided the recruiter a fake resume download site.

"When navigating to the site, the victim was met with a 'Download CV' button, which resulted in the download of a malicious Windows Shortcut File (LNK)," eSentire said on a blog post.

"Navigating to the same URL days later results in the individuals resume in plain HTML, with no indication of a redirect or download."

The threat was related to a “more_eggs” malware, which eSentire said is engineered to "steal valuable credentials, including usernames and passwords for corporate bank accounts, email accounts, and IT administrator accounts."

According to the cybersecurity firm, attackers not only pose as a potential candidate, but also as a recruiter. They also deploy this method during periods when hiring is typically at an increase.

Hyper-vigilance encouraged

The report comes amid growing concerns among executives that their next cybersecurity breach will be due to an internal staff error.

Stu Sjouwerman, CEO of KnowBe4, said the reported malware campaign highlights the need for security awareness training for all employees, even HR professionals.

"Hiring managers need to remain hyper-vigilant about vetting job applicants and purported resumes, especially those coming from sketchy websites or email contacts," Sjouwerman said on a blog post.

"If something seems off, stop and get that resume file properly scanned before downloading it. Corporate security policies and best practices must govern how recruitment teams handle candidate materials."


Recent articles & video

Executives face criminal charges for fraudulent, deceptive bank transactions

SDC, NTUC LearningHub to upskill about 15,000 Sentosa employees

Employer told to apologise for sexual harassment under landmark ruling: reports

SHRM removes ‘equity’ from DEI program ‘to address flaws’

Most Read Articles

Singapore launches cybersecurity skills pathway amid global shortage

Malaysian university ordered to pay over RM530,000 for 'unfairly' retrenching two academics

MOM sees nearly 700 complaints annually on issuance of pay slips