Posted 22nd April 2022
Could your innocent job search make you a victim of a spear phishing cyber-attack?
You may have noticed that we regularly warn our blog readers about the dangers of clicking on links in fraudulent emails. After all, it’s estimated that 94% of security breaches begin with an email in your inbox. But what if a private message from a recruiter landed in your LinkedIn messages? Would you click on the link, especially if it related to your industry specialism? Be careful: you could become a victim of spear phishing.
What is spear phishing?
Spear phishing is a scam that specifically targets individuals, organisations, or businesses. Usually, a spear phishing attack will arrive in the form of an email or a message on social media with a link. The message will look legitimate enough to open, but inside it there will be a link that directs the recipient to a fake website that will install malware onto their computer. The malware can then be used to take control of your whole system, steal important information, or target your contacts.
How can I get spear phished by doing a job search?
Cybercriminals are very clever and are always looking for new ways to get into your computer and take what they need. One example is a fake jobs scam on LinkedIn. The scam is quite simple: attackers pose as recruitment companies and target people who are looking for new jobs or career changes. They then send messages via the app and follow-up emails. The messages and emails contain a zip file, usually with a job role description as the name.
The whole set-up looks legitimate, especially if you’re browsing new jobs, but in the background is a nasty bit of malware called More-eggs which loads itself onto your system. More-eggs then allows an attacker to use the system for malicious purposes. The irony of choosing LinkedIn is that most businesses are happy for their staff to use the platform at work (some positively encourage it as a marketing and networking tool).
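As an added illustration (not code from the original post), here is a small mail-triage check for the lure described above: an archive attachment named like a job description, arriving from outside the organisation with recruitment wording and a link. The organisation domain and the sample messages are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Hypothetical: the mail domains that count as "inside" the organisation.
ORG_DOMAINS = {"example.co.uk"}
ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z", ".iso")
JOB_LURE_WORDS = re.compile(r"\b(job|role|position|vacancy|description|offer|candidate)\b", re.I)

@dataclass
class InboundMessage:
    sender: str
    subject: str
    body: str
    attachments: list = field(default_factory=list)

def _words(text: str) -> str:
    # Filenames often use _ or - instead of spaces, which defeats \b word boundaries.
    return re.sub(r"[_\-]+", " ", text)

def triage(msg: InboundMessage) -> list[str]:
    """Return the reasons this message matches the fake-recruiter lure (empty = nothing flagged)."""
    flags = []
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    external = domain not in ORG_DOMAINS
    for name in msg.attachments:
        lower = name.lower()
        if lower.endswith(ARCHIVE_EXTENSIONS):
            # Archives hide the real file type; hold them for sandbox inspection rather than delivering.
            flags.append(f"archive attachment: {name}")
            if JOB_LURE_WORDS.search(_words(lower)):
                flags.append(f"archive named like a job description: {name}")
    has_link = "http://" in msg.body or "https://" in msg.body
    if external and has_link and JOB_LURE_WORDS.search(_words(msg.subject + " " + msg.body)):
        flags.append("external sender with recruitment wording and a link")
    return flags

# Constructed samples: a fake-recruiter lure and a genuine internal HR message.
SAMPLE_LURE = InboundMessage(
    sender="talent@recruiter-agency.example",
    subject="Exciting senior role - please review",
    body="Hi, I saw your profile. The job description is attached, apply at https://careers.example/apply",
    attachments=["Senior_Engineer_Job_Description.zip"],
)
SAMPLE_INTERNAL = InboundMessage(
    sender="hr@example.co.uk",
    subject="Updated job description for your team",
    body="Please see the attached PDF.",
    attachments=["Job_Description.pdf"],
)
```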
What can you do to protect your business from spear phishing?
Firstly, we’re not saying that you should ban your team from using LinkedIn, but we are saying that they need to be trained to be extra vigilant. In any situation it’s always worth keeping the saying, “if it’s too good to be true, it often is” in the back of your mind. But also consider how the person has found you, whether they have mutual connections, and if they seem too pushy for you to click on a link.
Alongside this, companies should reassess their cybersecurity provision, particularly considering whether they have back-ups. Having a back-up or disaster recovery protocol in place means that if you find that your company has become the victim of spear phishing you can get it back up and running quickly and with minimal turmoil.
Most importantly, keep the details of some cybersecurity experts in your phone. We’re always happy to chat about any worries or questions you have and can provide impartial advice on how to improve your cybersecurity. If you have any questions, just get in touch.