Recruitment sites, the new malware playground

Lia Timson
Thursday, 12 June 2008 09:31

IT People - Enterprise

“We believe they are using (these sites) to farm database details to send job applications to CIOs and CTOs, but these sorts of guys would probably pick that up, although some might’ve forwarded to HR and that would be seen as a genuine recommendation from the top.”

The attempt has major implications for recruitment sites wanting to protect their reputation and assure both advertisers and job seekers that their details are safe.

“Employers need to pay more attention to applications coming through. Rich text files and anything embedded should raise suspicion.”

Job applicants need to minimise the distrust towards their application by not embedding anything in a file, he says.

The new plot comes as major US and UK recruitment sites were the target of email harvesting spam attacks last month, as reported by ZDNet.com. The attacks aimed at penetrating the sites’ resume databases and capturing not only candidates’ email addresses, but also their personal details, work history and career aspirations. Seek.com.au, Moster.com and Computerjobs.com were among the reported targets.

Routley says cyber criminals are not short of imagination when it comes to exploiting the new recruitment avenue. Fake job advertisements aimed solely at harvesting contact details for the purpose of spamming, further targeted attacks or on-selling to organised cyber crime bosses are also among their new tools.