The New Year has begun with further news of a particularly cynical fraud campaign aimed at jobseekers. Lucrative-seeming fake job offers are being sent by email to individuals working in targeted organizations and in companies operating in critical industries.
This month, cybersecurity company CrowdStrike has identified an email phishing campaign exploiting its recruitment branding to deliver malware disguised as an “employee CRM application.” The fake email impersonates CrowdStrike recruitment and directs recipients who are curious about the personalized job offer to a malicious website. CrowdStrike also reports that it is aware of a number of other fake job offer scams currently taking place.
“Outside of this campaign, we are aware of scams involving false offers of employment with CrowdStrike. Fraudulent interviews and job offers use fake websites, email addresses, group chats, and text messages,” says CrowdStrike.
Current economic uncertainties, stagnating wages, and New Year job lay-offs have created fertile ground for scam offers of highly paid, attractive, but non-existent positions. While the latest job-offer scams to hit CrowdStrike appear to be designed to steal cryptocurrency, there is evidence that nation-state-backed threat actors are also using fake job offers to hack into companies in critical industries.
Hackers target nuclear industry
Last year, for example, the infamous Lazarus Group, a threat actor with strong links to the totalitarian government of North Korea, was observed targeting employees in the US nuclear industry. The attacks were thought to be a continuation of a campaign that began as early as 2020, called Operation DreamJob (AKA Deathnote). The attackers created fake jobs and offered the almost-too-good-to-be-true positions to individuals employed in defense, aerospace, cryptocurrency, and other sectors.
Although the state-sponsored hackers seem to target critical industries, it is likely that cybercriminals motivated purely by financial gain are starting to copy the fake job offer scam in times of economic uncertainty. Nation-state-backed hackers are also becoming increasingly adept at third-party attacks, as companies working in defense, aerospace, and other key sectors use services provided by a wide range of organizations not directly involved in those sectors. These third-party service providers often prove to be a soft underbelly for hackers determined to infiltrate critical sectors.
Companies across all sectors should, therefore, warn staff that unsolicited job offers that sound too good to be true are probably scams. Anyone wishing to pursue an unsolicited job offer should take the time to contact the organization allegedly offering the post directly to ascertain whether the job being offered is genuine.