Hiring managers are on high alert following recent revelations that cybercriminals are leveraging fake resumes to infiltrate corporate systems and steal sensitive information. Cybersecurity firm eSentire recently advised that it detected a malware attack aimed at a company in the industrial services sector. The perpetrators posed as job applicants, directing recruiters to a fraudulent resume download site. Clicking the ‘Download CV’ button on the site triggered the download of a malicious Windows Shortcut File (LNK), eSentire explained in a blog post. Days later, the same URL simply displayed the resume in plain HTML, with no sign of malicious activity.
This attack was associated with the “more_eggs” malware, which is crafted to steal valuable credentials such as usernames and passwords for corporate bank accounts, email accounts, and IT systems. These cybercriminals also pose as recruiters and tend to execute their schemes during peak hiring periods.
The discovery has heightened concerns among executives about the potential for cybersecurity breaches stemming from internal staff errors. These incidents underscore the importance of adopting robust cybersecurity measures, such as regular software updates, employing antivirus programs, and maintaining strong, unique passwords. Additionally, it’s crucial to be wary of unsolicited emails and suspicious links to mitigate the risk of malware.
Annual Cyber Security Awareness Training is essential to prevent situations like these malware attacks involving fake resumes. Training enhances employees’ awareness of potential threats and equip them with the skills to recognize and avoid malicious attempts. When employees understand how to identify phishing emails and suspicious attachments, they can reduce the risk of inadvertently downloading malware that could compromise sensitive company information. This education is particularly crucial for HR professionals, who are prime targets for such scams during hiring periods. Continuous training ensures that all staff members are updated on the latest cybersecurity threats and best practices, thereby fortifying the organization’s overall security posture. Many insurances now are requiring organizations to show proof of Cyber Security Awareness Training to be insured. Empower your employees with training designed exclusively for your organization. Take control of your company’s security posture today and sign up for our Annual Cyber Security Awareness Training.