Instead of working, stealing identity and taking credits. Scammers are finding new ways to cheat and unfortunately, this method may be one of the most effective.
The intense search for a dream job means that candidates sometimes check offers and letters too quickly and mechanically. Unfortunately, this lack of interest can make them vulnerable to cybercriminals. And they, in turn, are well aware that among the job seekers there are also young people with less experience and unemployed who want to quickly find a job. When looking for ways to lull the vigilance of as many candidates as possible, cybercriminals constantly use old, proven methods. They are also testing new opportunities made available to them by moving recruitment processes online during the pandemic, ESET cybersecurity experts confirm.
Be careful with combos
Popular messengers or groups in social media, for example on Facebook, can give users a false sense of direct and real contact with a potential employer. Real entrepreneurs often use this channel, for example when looking for people for seasonal work in local groups, or project support in narrow areas on forums with an industrial profile. However, users should be very careful – such informal communication is also a great opportunity for cybercriminals.
Groups and messengers are a gateway for cybercriminals to carry out acts that, in their view, do not require much effort. They don’t even have to make up fake corporate email addresses. The mechanism of such an attack relies on the ability to conduct a conversation in a way that quickly instills trust and lulls users’ vigilance. A warning signal should, above all, be any requests for personal data beyond standard employment. At the beginning of the recruitment process, no one should ask for documents other than a resume or cover letter, especially for example a scan of an ID card, and even such cases happen. – Warn Camille SadekowskiSenior Cyber Security Specialist at ESET.
Professional employment security
Experts also note that very attractive job offers from recognized companies and brands, which are posted on free channels, that is, not only on forums and groups, but also on free classifieds sites, should also arouse suspicion. If something seems too good to be true – it is worth checking it carefully, for example by confirming the validity of such an offer by contacting a potential employer using the data available on the company’s official website.
Professional staffing, in both large and small companies, relies on professional staffing tools. This usually means posting ads on verified employers’ paid job sites. Depending on the industry, these are large horizontal portals or smaller industrial sites, directed at a specific group of experts, such as IT. For employers, this solution provides support and access to the preferred group of candidates and users, among others, security during recruitment processes. It should be noted that in our case, the content of offers is checked by the department you deal with and confirmed with employers, which allows eliminating potential threats. If the employer works in a different format – it is worth considering this offer and asking why. Of course, you shouldn’t be afraid of direct contact with the recruiter, but it’s best to check any suspicions afterwards with your potential employer – using official contact details. – Confirms Paul OlortProduct Owner of: Protocol, a recruitment site targeting the IT industry.
Red flags on LinkedIn
You should also be vigilant on the LinkedIn platform. Among the attacks targeting its users, which have been carried out so far by cybercriminals, there are for example: sending fake email notifications that lead to login pages impersonating LinkedIn. This action is intended to steal data or infect users’ devices with malware. You can protect yourself from this by checking directly on the Website whether we have already received such a notification.
Cybercriminals also use the openness of users who are looking for a job by having direct correspondence with them via LinkedIn chat. Here, any seemingly very good offers and requests for non-standard actions, such as fees for on-board training, any “starter package” or token payments for “personal data verification”, should arouse suspicion.
Remote recruitment – new opportunities for cybercriminals?
The pandemic and the transfer of even those stages of recruitment to the Internet, which, unfortunately, often took place at corporate headquarters, have opened up new opportunities for cybercriminals, which they do not hesitate to use. Users are now more likely than ever to click links in employment emails. They have their own contextual rationale—they can lead to additional quizzes, forms, or online recruitment video tools. Cybercriminals also do not hesitate to use this mechanism.
Be careful when a job offer, especially one that does not come from the employer’s official website or a website installed with offers, redirects us to another page where you need to complete a form with data. Of course, it happens that real recruiters also ask for this. However, it is worth checking whether this tool is in the original domain of the company we are applying to and whether it is secured with an appropriate security certificate. One must also look critically at the range of data we have to provide. A business owner, for example, will not ask for login details for electronic banking services She adds Camille Sadekowski.
“Infuriatingly humble musicaholic. Problem solver. Reader. Hardcore writer. Alcohol evangelist.”
What income does the average pole get? Check out the latest stats
Jack Ma has returned to China. Is Beijing protecting the image?
Prices for apartments in the deal will be available to everyone. There is a revolution in the market