If a job offer looks too good or too weird to be true, it probably is. Global threat actors are taking advantage of "the great resignation" and targeting job seekers online with phishing links. At a Black Hat briefing this week, security experts explained where the hackers are coming from and how they're finding success with their schemes.
PwC's Global Threat Intelligence team identified nation-state threat actors in Iran and North Korea as the primary phishing scam culprits. According to Sveva Vittoria Scenarelli, principal cyber threat intelligence analyst at PwC, and Allison Wikoff, PwC's director of global threat intelligence, malicious groups use email, social media, and messaging apps to lure in current employees at high-profile companies.
The groups also flood job sites such as Indeed.com and LinkedIn with posts and messages describing lucrative opportunities for remote workers. But the posts and messages usually contain links to spoofed websites that install malware on your computer or mobile device.
Many threat actors behind the job post phishing schemes have a long history of online crimes. Some of the groups are motivated by money, some want industry secrets, and others are looking to commit identity theft.
North Korea's Black Alicanto is known in the cybersecurity community for targeting big players in the cryptocurrency market. Charming Kitten, a group based in Iran, targets journalists with phishing links in emails. Another Iran-based group, Yellow Liderc, targets US veterans looking for new jobs online.
Yellow Dev 13 is another group from Iran, and the PwC presenters say the collective appears to be motivated by espionage. The group creates websites for non-existent companies staffed by fake recruiters
Read more on pcmag.com