Phishing attackers have found a new avenue: bogus job offers

A series of phishing campaigns are targeting companies in various industries with phony job offers using direct messages on LinkedIn, according to researchers at Proofpoint. The attacker initially makes contact by sending an invitation to the target on LinkedIn with a short message regarding job offers.

phishing attack boat bogus job offers
Within a week after the target accepts the invitation, the attacker will send a follow-up email with either a link or a PDF attachment that contains embedded URLs. These links take the target to a spoofed version of a real staffing service, which forces the download of either a Word document or a JScript loader. This document or loader will result in the installation of a JScript backdoor known as “More_eggs.”

More_eggs can be used as a downloader for additional malware, but it also has substantial information-gathering capabilities. It’s previously been used by Cobalt Group, a threat actor that primarily goes after financial organizations, although the Proofpoint researchers don’t attribute this campaign to any specific group.

Repeat offender now leveraging bogus job opportunities

They do, however, believe the actor behind this campaign may be the same one responsible for another phishing campaign revealed earlier this month by Brian Krebs, which targeted Bank Secrecy Act officers at a number of financial institutions.

Despite differences in targeting and the malware used, that campaign used similar PDF attachments which, at one point, contained URLs hosted on the same domain as the one used in the phony jobs campaign.

LinkedIn is one of the most popular platforms for phishing and spear phishing attacks, because users expect to receive unsolicited messages from people they don’t know. New-school security awareness training can teach your employees how to determine if a contact should be avoided and, above all, never to click on links or attachments unless they’re absolutely certain of their legitimacy.

Proofpoint has the story: https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers

Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.