As businesses look for staff to fill casual roles over the holiday season a scam has emerged targeting HR professionals with fake job applications.
Emails are being sent to employers masquerading as job applications, which contain fake resumes that can infect computers.
MailGuard says it has intercepted a “large run” of the emails over the last few weeks, containing a wide variety of different sender names and subject lines.
The body of the email generally informs the reader the sender is interested in a position and their resume is accessible, so long as a “password” is entered.
Entering the password initiates a download of malicious software.
Several examples of subject lines include: “application”, “job application”, “regarding job”, “job”, “hiring and regarding position”.
An example of the scam email. Source: MailGuard.
Opportunistic fraudsters
Cyber security expert and chief executive of the International Cyber Resilience Institute Andrew Bycroft says scammers often target businesses in the lead up to the holiday season.
“They know when we are likely to let down our guard because we are simply too busy and take shortcuts because of time pressures,” he tells SmartCompany.
“With the holiday season fast approaching many retailers, for example, are looking for casual workers to address the busy shopping period and extended shopping hours and could fall victim to ‘job application response’ scams.”
Bycroft advises businesses to invest in antispam protection and to disregard unsolicited job applications altogether.
“Communicate to the entire company to pause and think at this time of year. Be extra vigilant. There are lots of scams and though this may be the time for giving, you don’t want to be giving to cybercriminals,” he says.
The job ad scam isn’t the only holiday season-focused cybercrime doing the rounds either.
An ongoing email scam trying to trick businesses processing packages with DHL has also reared its head again this year.
The fake emails pretend to be DHL shipping documents but take users to fake sign-in pages which harvest their usernames and passwords.
An example of the fake DHL email. Source: MailGuard.
In a statement on its website, DHL has warned customers about the scam and advises businesses to double check the legitimacy of emails.
“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus,” the company said.
NOW READ: How to identify and avoid email scams at Christmas
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.