Glorify’s Post

WARNING: A recruitment phishing scam is underway using Avidly’s name A recruitment scam is phishing personal information from people that are “offered jobs” from Avidly. Cases have come to light this week using a false domain registered within the past four days. In the scam, people are contacted with (false) job offers. The “recruitee” (victim) is encouraged to log in to a site that uses Avidly's visual appearance, through which salary payment is promised. The website form collects personal data for unknown purposes. This site is NOT Avidly's. PLEASE DO NOT register on this website. All communication regarding Avidly recruitment processes will be sent from a genuine Avidly email address (@avidlyagency.com), the process will entail multiple face to face or video call interviews. Avidly has notified the authorities, who are seeking to shut down the site. If you have any concerns with the validity of your communication please contact us via our dedicated report a problem page: https://avdly.com/48bzD1b

TA4557, a #threatactor tracked since 2018 to be #sending #job-themed #email #threats, has started a new technique of #targeting #recruiters with direct emails that ultimately lead to #malware #delivery, according to Proofpoint. The threat actor known for using More_eggs downloader as the malware dropper has previously only resorted to applying to jobs posted on public job boards or LinkedIn postings, and inserting #malicious #URLs in the application. Since October 2023, however, TA4557 has been observed to be directly mailing employers seeking candidates for various job roles. In early November 2023, Proofpoint observed TA4557 directing the recipient to "refer to the domain name of my email address to access my portfolio" in the initial email instead of sending the resume website URL directly in a follow-up response, according to the post. This was likely a further attempt to evade automated detection of #suspicious #domains. The #potential #victim, upon visiting the "personal website" as directed by the threat actor, is presented with a page with a #fake #candidate #resume, which filters the user upon visit and decides whether to send them to the next stage of the attack. The users that pass the threat actor's filtering checks are subsequently sent to the candidate website that employs a captcha, which upon completion, initiates downloading a zip file containing a shortcut file LNK. LNK abuses legitimate functions in "ie4uinit.exe," a Microsoft utility program, to download and execute a scriptlet from a location in another "ie4uinit.inf" file in the zip. Proofpoint noted in the blog post that it has seen an increase in threat actors using benign messages to build trust and engage with a target before sending the malicious content, and TA4557 adopting this technique calls for organizations using third-party job posting to watch out for this actor's tactics, techniques, and procedures (TTPs). @laninfotech @glenbenjamin #laninfotech #becybersmart #becyberfit #besafe LAN Infotech, LLC

WARNING: A recruitment phishing scam continues using Avidly’s name A recruitment scam is phishing personal information from people that are “offered jobs” from Avidly. Cases have come to light this week using a false domain registered within the past four days. In the scam, people are contacted with (false) job offers. The “recruitee” (victim) is encouraged to log in to a site that uses Avidly's visual appearance, through which salary payment is promised. The website form collects personal data for unknown purposes. This site is NOT Avidly's. PLEASE DO NOT register on this website. All communication regarding Avidly recruitment processes will be sent from a genuine Avidly email address (@avidlyagency.com), the process will entail multiple face to face or video call interviews. If you have any concerns with the validity of your communication please contact us via our dedicated report a problem page: https://avdly.com/48bzD1b People have been approached and offered job also using Linked´in. We use Linked´in on headhunting purposes and after the first contact there are several interview rounds. We never use Linked´in on job offers either any other during the process. Me, Melanie Stuttard and Anica Alla are main persons from whom you might get first messages on Linked´in.

Note to LinkedIn Recruiters: This is not the norm in most of the jobs I have been applying for but it does not seem uncommon. Several jobs have asked for references during the application process. I understand that this may help things go quicker or provide something in the process but me doxxing people that have agreed to provide references without any contact from the company seems sketchy. I have some background in Info Sec and this seems like a great way to get targets for phishing attacks. I am not opposed to providing references, I just think it should be after I have some relationship with a perspective employer.

TA4557, a threat actor tracked since 2018 to be sending job-themed email threats, has started a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery, according to Proofpoint. The threat actor known for using More_eggs downloader as the malware dropper has previously only resorted to applying to jobs posted on public job boards or LinkedIn postings, and inserting malicious URLs in the application. Since October 2023, however, TA4557 has been observed to be directly mailing employers seeking candidates for various job roles. "In recently observed campaigns, TA4557 used both the new method of emailing recruiters directly as well as the older technique of applying to jobs posted on public job boards to commence the attack chain," Proofpoint said in a blog post. https://lnkd.in/eTRrP8M8

🌟 Just a reminder to take those phishing webinars seriously! Recently, I reached out to some recruiters and shared my resume for potential opportunities. I got a response from someone who seemed legitimate, with a lot of followers and positive comments. They sent me a link to a position. To be cautious, I checked my email separately, did a reverse lookup on the phone number, and contacted the actual company to verify the recruiter's identity. The position wasn't listed on their site, which was a major red flag. Turns out, it was a scam! #headache #tiring Job searching is challenging enough without having to weed out scams. Always take extra steps to verify and protect yourself. Stay vigilant!

Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. Throughout 2022 and most of 2023 the actor has been replying to open job listings on third-party job boards and, more recently, targeting recruiters direct. “Specifically in the attack chain that uses the new direct email technique, once the recipient replies to the initial email, the actor was observed responding with a URL linking to an actor-controlled website posing as a candidate resume,” Proofpoint explained... #recruiters #cyberattacks #malware #resumes #jobapplications

Hello Recruiters !! Beware of "More_eggs" Phishing Attack !! The More_eggs malware is being distributed by threat actors who disguise it as a resume, The primary targets are recruiters who are deceived into thinking they are interacting with job applicants. The latest attack chain involves malicious actors responding to LinkedIn job postings with a link to a fake resume download site. When the recruiter visits the site, they are prompted to download what appears to be a resume but is actually a malicious Windows Shortcut file (LNK). Be extra cautious with unsolicited emails and LinkedIn messages from unknown individuals.

🚨 Don’t get caught by “Phishy” scams! 🐟🎣 Our IT teams have detected an increase in phishing attacks from scammers impersonating Hays staff. These cybercriminals can be quite convincing – blending in with real messages from Hays to try and gain your trust. Stay vigilant for fake calls, e-mails and WhatsApp messages claiming to be from Hays with bogus job offers, services and requests to click links to verify information. #PhishingAlert

LinkedIn scams are on the rise! At least I have been experiencing a lot lately, most of which are Fake Recruitment and Email Phishing scams. The senders are usually your 3rd level connection who works at weirdly named companies with almost zero connections, no posts, and no activity whatsoever. Be careful with the links you receive over inbox or email. Stay vigilant!