Everyone wants their dream job. Some people get it, others think they’ve found it online… the job post looks appealing: the work promises to be exciting or challenging and the pay is generous. 

On the other side of the market, businesses want their dream candidate, easy to interview, enthusiastic, and matching all the skills needed for the job, and affordable too. 

But what happens if you found out the dream job didn’t exist – in fact, it’s a fake listing. The organization’s website has been spoofed, and the listing is a fake designed to trick the individual. Halloween season is soon – and this is one of the spookier scams. Spooky for both the organization, who faces potential reputational and financial damage, and spooky for the targeted individual, who faces a loss of personal data, and the potential for identity theft and all the cost and hassle it means.

In fact, earlier this year, the FBI issued an advisory alert, warning that cybercriminals were posting fake listings to target applicants – pointing to the severity of the threat of fake job listings. 

Recruitment fraud: How to spot when they’re faking it?

With digital recruitment technology making it easier to list fake jobs, the FBI warned, that “Criminals first spoof a legitimate company’s website by creating a domain name similar in appearance to a legitimate company. Then they post fake job openings on popular job boards that direct applicants to the spoofed sites.” 

Fake listings create problems both for victim organizations and targeted individuals. 

For the victim organization, spoof job listings affect the brand, causing reputational damage. On the individual applicant, fake jobs could potentially lead to loss of data, as was the case with the FBI advisory, whereby “cybercriminals’ emerging use of spoofed websites to harvest PII and steal money….conducting false interviews with unsuspecting applicant victims, then request PII and/or money from these individuals.” Consequently, this would “The average reported loss was nearly $3,000 per victim, in addition to the damage to the victims’ credit scores.”

What’s in it for the attacker?

Creating a spoof career or job listing website is a legitimate technique, and can be associated with various motivations, for example, harvesting PII, information, causing reputational and/or financial damage.

Here’s how fake recruitment listings have been leveraged in recent campaigns:

Case study: Operation Dream Job

In Operation Dream Job, Hidden Cobra, the North Korean APT group also known as “Lazarus”, posed as recruiters from prominent defense and aerospace companies and used job offers to gain access to victims.  Other social engineering efforts included the creation of fake LinkedIn profiles, sending emails to the target’s personal email addresses, and maintaining correspondence with the target over the phone and WhatsApp. The attack ultimately allowed Hidden Cobra to obtain information on their victims’ activity and financial affairs. 

Separately, the North Korean APT group conducted a campaign that used a spear-phishing email with recruitment opportunities at defense contractors as a lure. The emails contained malicious attachments with macros that were executed allowing for infection of victim networks. Victims were allegedly also targeted via social media. 

How to combat fake job listings: SearchLight (now ReliaQuest’s GreyMatter Digital Risk Protection) Phishing Detection

Digital Shadows (now ReliaQuest) SearchLight can help organizations detect recruitment spoof or phishing domains. Using advanced configuration tools, organizations can align the brands associated with phishing scams – which allows for greater accuracy in detection. 

SearchLight Phishing Detection

Combined with near real-time scanning, organizations can detect the spoofs, ascertain the risk and remediate immediately, with built-in takedown offerings or advanced managed takedown service, which focus on continued persistence and expertise to remove the threat. 

Learn more about SearchLight’s domain monitoring here