The current economic climate globally is grim due to the ongoing recession, and taking advantage of this environment, cybercriminals are using phishing and malware campaigns to target job seekers in a bid to steal sensitive information, a new report said on Thursday. In phishing attacks, job seekers receive emails from fake companies or recruitment agencies, asking them to provide personal information or login credentials. These emails look legitimate but are designed to steal sensitive information such as passwords or financial information, according to research by cyber-security firm Trellix. Also Read - Global cyberattacks rise by 38 percent with healthcare most targeted in India: Report
In malware campaigns, job seekers receive malicious attachments or URLs to websites that infect their devices with malware or download malicious software. The malware can then be used to steal sensitive data or gain unauthorised access to the job seeker’s device and the data stored on it, according to the report. Also Read - Microsoft and NIELIT collaborate to train youth in cybersecurity skills for jobs
Moreover, the report said that the attackers are also targeting employers by posing as job seekers to exploit them by delivering malware through attachments or URLs that are disguised as resumes or identification documents of the applicant. This type of attack is becoming increasingly common as cybercriminals take advantage of the high volume of job applications that employers receive.
These attacks aim to gain unauthorised access to sensitive information, steal personal data, and disrupt the organisation’s operations. Further, the report has also observed attacks utilising fake or stolen documents, such as social security numbers and driver’s licenses, to make job-themed emails appear more legitimate.
Cybercriminals hope to increase the perceived credibility of the email by including fake or stolen documents, making it more likely that the recipient will fall for the scam. The researchers found that more than 70 per cent of all job-themed cyberattacks were targeted towards the US.
The attacks were also observed in other countries like Japan, Ireland, UK, Sweden, Peru, India, the Philippines, Germany, and more, even though the percentage of attacks towards other countries was significantly lower than in the US, the report mentioned.