Proofpoint released a new report this week about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day. Bad actors are using the promise of easy money to steal personal data or trick victims into committing money laundering. “These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” said Proofpoint. “They are very concerning for universities especially, and Proofpoint detects and blocks thousands of employment fraud threats weekly that could harm their students and faculty.”
Proofpoint shared specific examples that included fake job offers from United Nations Children’s Fund (UNICEF) and fashion brands like Zaful and Fashion Nova. The phishing emails all have legitimate-looking corporate branding, compromised/spoofed university addresses, Google Forms, fake checks and more.[1]
Proofpoint noted that the cybercriminals are exploiting the massive employment changes brought on by the COVID-19 pandemic to lure job seekers into clicking on malicious emails and links. Many of the emails seen by Proofpoint experts feature criminals posing as recruiters or employers offering jobs ranging from caregivers to administrative assistants, models, or rebate processors. “Some may initially start by collecting money allegedly for administrative fees or passport services, but that’s typically done to weed out applicants and is not usually the end goal. Additionally, participation in these schemes could result in a victim facing criminal charges for working as a money mule,” Proofpoint explained. “Of the job themed threats recently identified by Proofpoint, nearly 95% are targeted to educational institutions, mainly colleges and universities. Although most targets are in the United States, threat actors occasionally target European and Australian entities as well.”
Researchers noted that recent FBI reports have found that victims of these attacks lost a combined total of at least $62 million in 2020. Facts that should not be ignored. In one case study, Proofpoint analysts observed a threat actor spoofing a university email address and offering an executive personal assistant role at UNICEF. The email referenced a COVID-19 relief program and had a link to a Google Form that asked people to enter their information. After the researcher shared their information in the Google Form, the threat actor emailed them and sent several fake cashier checks before asking for money in return.
In January, UNICEF released a warning about these kinds of job offer scams, noting that they never charge fees during the recruitment process and will never request banking information. Proofpoint shared similar guidance, noting that no job will send payment before an employee’s first day.
Last week, Google released a security report highlighting that North Korean threat actors were running a similar scam, using fake job offers to spread malware at 10 different news outlets, domain registrars, web hosting providers and software vendors.
Common Sense is Instinct, Enough of it is Genius. Everyone has common sense. Use it when looking for jobs on the Internet. If the job sounds too good, it is probably a fake job.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Our analysts agree with the CSP and tough cyber security regulations for better network and Internet protections. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://therecord.media/hackers-send-almost-4000-fake-job-offer-emails-every-day-report/
Comments