The software company ESET has revealed that hackers are now trying to trick people looking for employment by giving them excellent job offers that are actually fake.
Those who have experience with the operating system Linux are the initial targets, and the criminal hacker group Lazarus is working hard to additionally target people who work in the software or DeFi (Decentralized Finance) platform industries. We expect this threat to expand into other areas of focus.
The hackers with Lazarus, which has previously been thought to be affiliated with the North Korean government, are mostly using social media sites like LinkedIn to send messages with job offers to its victims.
However, the messages are simply a ploy to get the victims to download malware.
In the message, the hacker will say that the job seeker has been offered a wonderful position and attaches what looks like a PDF file, stating that this is the offer agreement and that the person must download it to view the details of the newly offered job opportunity.
If the person clicks the file to download it, then a fake PDF file will appear to fool them while the malware downloads a payload in the background and infects their device.
Launching this malware directly at Linux means that Lazarus has officially been successful in targeting all major desktop operating systems.
They overlapped with Operation In(ter)ception, which initially started with aerospace, military, and defense companies that used Windows-only tools.
They then moved on to targeting macOS in July and August starting last year and have now conquered the Linux operating system as well.
ESET also claims that Lazarus also attacked the 3CX Phone System back in March 2023, which is used by more than 12 million users daily, including companies like American Express, Coca-Cola, and McDonald’s.
With all these major companies and every main operating system at risk, cybersecurity teams are certainly going to have their work cut out for them when it comes to protecting the safety of users.
As of July 2023, it has also been revealed that Lazarus is breaching Windows Internet Information Service (IIS) web servers and using them to distribute malware. IIS is Microsoft’s web server solution that is mostly used for hosting websites and application services.
The cybersecurity analysts at the South Korean company ASEC have reported that Lazarus has targeted the IIS server to gain access to corporate networks and distribute malware to visitors of these websites or users of the application services.
Be skeptical of job offers that come out of the blue, especially if they appear too good to be true. Exercise caution and thoroughly research the company and the job opportunity before proceeding. Just because it appears to come from what appears to be LinkedIn does mean a scammer isn’t trying to trick you.
Conduct a background check on the company offering the job. Look for their official website, contact information, and online presence. Check if the company has a reputable reputation in the industry.
Antivirus software, on the other hand, provides more comprehensive protection by scanning your device for viruses, spyware, and other types of malware. It can also detect and remove malicious software that has already been installed on your device and alert you of any phishing emails or ransomware scams.
Most importantly, antivirus software will prevent you from clicking a malicious link or opening a malicious PDF file that could install malware on your device in the first place.
See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by heading to CyberGuy.com/LockUpYourTech
Pay attention to email senders’ addresses and ensure they match the official domain of the company. With your antivirus software actively running on your desktop or laptop devices, carefully hover over links in emails to see the actual destination URL before clicking on them. Be cautious of any mismatch or suspicious URLs.
Avoid sharing sensitive information upfront
Be cautious about providing sensitive personal or financial information during the initial stages of the job application process. Legitimate employers typically gather such details after a certain level of trust and progress in the recruitment process. Not at the beginning.
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Enable 2FA whenever possible, especially on your email accounts, job portals, and any other platforms you use. This adds an extra layer of security by requiring a second verification step, usually a unique code sent to your mobile device.
Regularly update your operating system, applications, and security software to ensure you have the latest security patches and bug fixes. This helps protect against known vulnerabilities that hackers may exploit.
Create strong and unique passwords for all your accounts, including your email, job portals, and any other online platforms you use. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess.
Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
Check out my best expert-reviewed password managers of 2023 by heading to CyberGuy.com/Passwords
Hackers are increasingly targeting individuals seeking employment by offering fake job opportunities, particularly on social media platforms like LinkedIn.
This highlights the importance of being cautious, verifying the legitimacy of employers, double-checking email senders and URLs, avoiding sharing sensitive information upfront, enabling two-factor authentication, keeping software updated, and using strong, unique passwords.
Additionally, installing reliable antivirus software on all devices is crucial for protection against malware and phishing attempts. By taking these precautions, you can significantly reduce your risk of falling victim to fraudulent job schemes and safeguard your personal and professional information.
What measures do you take to protect yourself from cybersecurity threats? Have you ever been a target? How did you handle the situation? Let us know by writing us at Cyberguy.com/Contact
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2023 CyberGuy.com. All rights reserved.