FIN6 Hackers Impersonate Job Seekers to Phish Recruiters
Researchers have uncovered a novel twist to employment scams in which hackers, in this case FIN6 (aka “Skeleton Spider”), impersonate job seekers with fake resumes to lure recruiters rather than posing as recruiters to lure job applicants.
By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware. More details can be found here:
https://dti.domaintools.com/Skeleton-Spider-Trusted-Cloud-Malware-Delivery/
Erich Kron, security awareness advocate at KnowBe4, commented:
“This is an interesting twist to the common recruiting scam and is especially dangerous because the attackers take time to build a rapport with the recruiter before springing the trap. It’s wise to be suspicious of email or text messages that are unsolicited or unexpected, but in this case, the recruiters do expect to receive correspondence and documents, and the back-and-forth conversation builds the trust the attackers need to execute the malware.
“In any organization, there are going to be departments that deal with outside communications, and these departments should be trained and educated about how to handle potentially dangerous attachments or links. It’s also good to remind employees not to let their guard down as they get comfortable in a conversation.”
Threat actors are getting more and more crafty. That means you have to get more and more suspicious of anything and everything that hits your inbox to avoid something really bad happening to you.
This entry was posted on June 10, 2025 at 4:22 pm and is filed under Commentary with tags Hacked.