As the pandemic rages on, many companies are conducting new-hire interviews online.
Recently, an employee at Redbanc (a banking network), found a job opening on LinkedIn.
The job was for a website developer at a tech company.
A Skype interview was scheduled…
And the interviewer asked the potential new hire to install a program on their computer called ApplicationPDF.exe.
Installing the program was “part of the application and recruitment process.”
The software appeared to generate a standard application form – but in reality, it was malware.
As you can see, the job posting was a ruse.
And, the bank employee (hunting for another job) had unwittingly downloaded malware onto a company computer.
Hackers used the malware to steal the employee’s username, hardware information and operating system details.
With that info, the hackers staged another attack. This time targeting even more information.
The malware used in the hack was associated with Lazarus Group.
This is the group behind the Sony hack in 2014, and they have ties to North Korea.
The fake recruiters are targeting aerospace and defense firms in many countries.
The hackers target employees and send them e-mails containing infected Microsoft Word documents.
The documents are supposed to contain information about attractive career opportunities.
Instead, opening the document allows hackers to run wild inside company computer systems.
This isn’t the first time North Korea has targeted victims with fake job offers and it won’t be the last.
When times are tough, fake recruiters will try and trick you with “too good to be true” job offers or classified ads.
So, here are things to look for to make sure you or someone you know is not fooled by a fake job posting or fake classified ad.
Company has no online presence: If a job posting interests you, do some quick research.
Do a simple Google search on the company. Find out where their headquarters is.
Verify the person, the company, and the job listing that caught your eye.
If you find their webpage, look at Human Resources. Is the job listed?
These days almost any legitimate company has a website and a phone number you can call to verify things.
If you can’t find anything during your research, the best bet is to move on.
The job or ad is only on social media: Of course, you could land a great job or buy a legitimate item through social media.
But, if the job or item for sale is only posted on a social media site, it may not be real.
The majority of jobs posted online are vetted through the website posting them.
If you only see the job posted on say, Facebook, you need to do more digging.
They want money: If you’re asked to pay a fee to apply or to send in your application, obviously don’t do it.
Legitimate employers don’t charge to hire you.
So, don’t send money for work-at-home directories, advice on getting hired, or for anything else related to a job.
Get Rich Quick: Avoid listings that guarantee financial success or that help you “get rich fast.”
Stay clear of listings that offer you high income for part-time hours.
If the job claims great pay with no experience required, it’s too good to be true.
Too urgent: Beware of ads that display a strong sense of urgency.
If they need to hire you ASAP and there are pressure tactics to get you to work for them, that’s clearly a red flag.
Don’t let anyone rush you or bully you into not taking your time to properly vet a new job.
The bottom line is…
As sales and hiring move almost exclusively online, use these tips to stay safe.