Hackers are making job seeking more stressful than it already is
3 MAY 20170
Hunting for a new job is the worst. I don't think there is a single person out there who actively enjoys the process of sorting through job postings, crawling through networking sites, and approaching potential employers with your resume like Oliver and his empty cup of soup. It's the pits.
But, hackers are introducing a new wrinkle to an already unenviable task by aggressively targeting job seekers and the sites that cater to them. As more people turn to online resources such as LinkedIn, Glassdoor, and local employment posting websites to help them secure a new career, hackers are turning those very tools against them. Exploiting both the information available on those sites, and people's willingness to click links and open downloads on them.
Why target networking sites?
The logic behind these attacks is fairly clever. As far as sites go that are popular, accessible to public posts, and frequently not added to corporate or business blacklists, it doesn't get much better than a monolithic site for professionals like LinkedIn.
While businesses might restrict employees from visiting other social media sites like Facebook while using company workstations, LinkedIn is often allowed if not encouraged as a networking tool. So not only are hackers able to post links to compromised sites that expose users to trojans and ransomware, they have a higher likelihood of hitting a system with real value on it.
Then there is the information they can gleam. Why bother trying to hack and dig for personal information when with the right profile, professionals will line up to give it to you? E-confidence men impersonating recruiters, HR officers, and hiring managers can easily solicit resumes from unwary job seekers. The same social engineering style tricks are often employed on job posting boards where criminals will fabricate businesses and pose as potential employers.
Also interesting to note, most people sign on to platforms like LinkedIn and job boards using their personal email accounts. For obvious reasons, people searching for another job on the sly don't want those messages going to a corporate account, so they use their personal one. Problem is, while their IT department may have email virus scanners set up for every corporate account, no such protection may exists on their personal account. It creates a security hole criminals can use to infiltrate a system that might otherwise be too secure to get a foothold in. Gotta hand it to them, it's a clever move.
How do you look for a job safely?
By their very nature, professional networking sites and job boards will always involve a certain amount of trust and risk. But, there are ways to protect yourself from the most obvious pitfalls.
First, make sure you're using a virus scanning email service when logging into these sites or receiving communications with contacts made on them. Be wary of attachments and who is sending them. Word docs and PDFs are not always as harmless as they may appear, as they can contain malicious scripts that run when you open them. If someone sends you a doc, don't just open it blindly, look at who they are and think about why they couldn't just include this info in the email itself. If things don't add up, just delete the email.
Always do your homework. Before sending off a resume or responding to a "recruiters” message, toss the details into a search engine and see what comes up. With the proliferation of corporate sites and services like Google streetview, it's easier than ever to check out a fake address or confirm that a hiring manager is legit. A few minutes of extra diligence can save you a lot of hassle.
Be cautious with the information you share on these services. Don't link to personal social media accounts (this is a bad idea when job hunting in the first place) and think about what a potential employer realistically needs from you. Don't volunteer anything more than necessary. If you get in contact with a legitimate employer who needs some piece of information, you can always provide them with it during an interview where you verify they are who they say they are – no need to lay everything out in the open at all times.
Job hunting is hard and unpleasant already, the last thing you need to deal with is some hacker running a ransomware scam on you in the middle of it. Be careful when browsing networking sites and always remember the potential dangers of being a little too trusting or quick to volunteer personal info.