Hackers sneak malware into job applications

Proofpoint Inc.

The automatic email sent to job-listers mirrors benign application notifications but includes an infected attachment.

Hackers are slipping malware into resumes submitted through the job posting website CareerBuilder.com to infect businesses, security researchers have found.

Attackers are browsing open positions and attaching malicious documents disguised with the name “resume.doc” or “cv.doc” to applications, according to the Sunnyvale, Calif.-based security company Proofpoint. The attack delivers malware directly to hiring managers and interviewers because CareerBuilder automatically emails the job poster a notification, with the resume attached, whenever a candidate submits an application.

“Rather than attempt to create a realistic lure, the attackers here have instead capitalized on the brand and service of a real site: the recipients are likely to read them and open the attachments because not only are they legitimate emails from a reputable service, but these emails are expected and even desired by the recipient,” Proofpoint researchers wrote in a blog post.

CareerBuilder is investigating the scope of the attack with third-party experts and alerting affected customers, says Jennifer Grasz, a spokeswoman for the company. She adds the website “has controls in place to stop mass distribution of applications to job postings and takes a variety of preventative measures” that she can’t describe further for security reasons.

Proofpoint says it has seen a low volume of these email attacks, which have targeted stores, energy and broadcast companies, credit unions and electric suppliers, and more specifically postings for engineering and finance positions such as business analyst and web developer.

The security firm says any job board is susceptible to similar attacks.
