PSA: Recruitment portals and job sites at risk | Advanced Mobile Spy Software
Readers of Malwarebytes Labs aren't new to the social engineering tactics of malcontents to get users to respond to fake job offers via email. In 2014, we wrote about spam claiming to be from the recipient's supposed work application to a "Career Services Department," only to be redirected to a site where a potentially unwanted program (in the guise of a video player) was on standby for download. Then in 2016, we focused on a spam claiming to originate from someone in the NHS, the UK's public health service provider, only to do a complete 180 by welcoming email respondents with a job offer to sell light fixtures. As bizarre and downright obvious as the above examples are to some, they're not for others. This is why we generally advise continuous education and security awareness in detecting red flags in all emails—and that includes from potential future employers. The same can be said to those in the business of recruitment and job search platforms. Recruitment portals give bad guys