• FREE RESOURCES
  • PREMIUM CONTENT
        • SEE MORE
          PREMIUM RESOURCES
  • HR DEEP DIVES
        • Coronavirus (COVID-19) Resources for HR Professionals
          Employment Law
          Labor Law Posting Requirements: Everything You Need to Know
          Recruiting
          businesswoman selecting future employees on digital interfaces
          Recruiting Resources for HR & Hiring Managers
          Performance Management
          vector image of young female making star rating
          Performance Review Resources
          Employment Law
          Understanding Equal Employment Opportunity and the EEOC
          Recruiting
          Onboarding Resources for HR & Hiring Managers
  • CORONAVIRUS & HR

  • LOGIN
  • SIGN UP FREE

HR Morning

  • FREE RESOURCES
  • PREMIUM CONTENT
        • SEE MORE
          PREMIUM RESOURCES
  • HR DEEP DIVES
        • Coronavirus (COVID-19) Resources for HR Professionals
          Employment Law
          Labor Law Posting Requirements: Everything You Need to Know
          Recruiting
          businesswoman selecting future employees on digital interfaces
          Recruiting Resources for HR & Hiring Managers
          Performance Management
          vector image of young female making star rating
          Performance Review Resources
          Employment Law
          Understanding Equal Employment Opportunity and the EEOC
          Recruiting
          Onboarding Resources for HR & Hiring Managers
  • CORONAVIRUS & HR
  • Employment Law
  • Benefits
  • Recruiting
  • Talent Management
  • Performance Management
  • HR Technology
  • More
    • Leadership & Strategy
    • Compensation
    • Staff Administration
    • Policy & Procedures
    • Wellness
    • Staff Departure
    • Employee Services
    • Work Location
    • HR Career & Self-Care
    • Health Care
    • Retirement Plans

Did it just get harder to trust resumes online?

Christian Schappel
by Christian Schappel
May 13, 2015
3 minute read
  • SHARE ON

Will this discovery make you more skittish about reading digital resumes?

Threat researchers at the IT security provider Proofpoint Inc. recently discovered that CareerBuilder was used to attack employers with a phishing scheme.
The unknown attacker responded to job postings by submitting fake resumes that were loaded with malware.
CareerBuilder would then notify the employers with an email that included the malware-laden resumes.
If you’ve ever posed a job on CareerBuilder, you know what these emails look like and just how effective an attack like this would be. After all, the email would be coming from a trusted source — CareerBuilder — so you may not think twice before opening it and the attached resume.
What’s more, some recipients of emails like this from career sites may not think twice about forwarding them — and the attached resumes — along to colleagues, thus multiplying the damage.

Should you be worried?

The extent of the damage appears to be pretty minimal, as Proofpoint said it detected less than 10 emails that were sent containing the malware, and it notified CareerBuilder immediately.
It then went on to say that CareerBuilder “took prompt action to address the issue.”
The malicious attachments were Microsoft Word documents named “resume.doc” and “cv.doc.”
Proofpoint hinted that the reason the attack was so small likely had something to do with the fact that the attacker had to set up a fake profile and apply to the job ads to unleash the harmful files — actions that were surely time-consuming.
The troubling part, however, is how effective attacks like this can be. As security news site CSO points out, in a typical phishing email attack, only about 23% of recipients will open a given message — and of those, only about 11% will click on the harmful links within those messages.
But those figures wouldn’t apply to an attack like this, in which the instigator sent the messages using a vetted and trusted source. In an attack like this, open and infection rates would be sky high.
Something to think about: CSO Senior Staff Writer Steve Ragan surmises that this attack was just a trial run, and the attacker may now look to initiate the same scheme using other career websites that function similarly to CareerBuilder.

What should employers do?

Your next course of action: Don’t panic.
Career sites like CareerBuilder were alerted to the threat early, and are no doubt working on beefing up their security. Proofpoint even offered suggestions for how these sites can better protect themselves and their customers.
Some of the suggestions offered to career sites:

  • Scan the documents as they’re uploaded for malware, and
  • Export the documents’ contents to a Web portal and send secure links to the listing organizations.

As for employers, the prime target of the threats: If you’re worried CareerBuilder and the other job-posting sites that you use won’t be able to stop these kinds of attacks, it couldn’t hurt to have a chat with your IT department to see what it recommends.
The last thing you want to do is put a candidate search on hold or miss out on a superstar because you were too afraid to open up his or her resume.
Info: For more details on the attack and the malware used, here’s Proofpoint’s complete breakdown.

Get the latest from HRMorning in your inbox PLUS immediately access 10 FREE HR guides.

I WANT MY FREE GUIDES

Keep Up To Date with the Latest HR News

With HRMorning arriving in your inbox, you will never miss critical stories on labor laws, benefits, retention and onboarding strategies.

Sign up for a free HRMorning membership and get our newsletter!
  • This field is for validation purposes and should be left unchanged.
HR Morning Logo
  • Facebook
  • Twitter
  • Linked In
  • ABOUT HRMORNING
  • ADVERTISE WITH US
  • WRITE FOR US
  • CONTACT
  • Employment Law
  • Benefits
  • Recruiting
  • Talent Management
  • HR Technology
  • Performance Management
  • Leadership & Strategy
  • Compensation & Payroll
  • Policy & Culture
  • Staff Administration
  • Wellness & Safety
  • Staff Departure
  • Employee Services
  • Work Location
  • HR Career & Self-Care

HRMorning, part of the SuccessFuel Network, provides the latest HR and employment law news for HR professionals in the trenches of small-to-medium-sized businesses. Rather than simply regurgitating the day’s headlines, HRMorning delivers actionable insights, helping HR execs understand what HR trends mean to their business.

Privacy Policy Terms of Service
Copyright © 2021 SuccessFuel

WELCOME BACK!

Enter your username and password below to log in

Forget Your Username or Password?

Reset Password

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.

Log In

During your free trial, you can cancel at any time with a single click on your “Account” page.  It’s that easy.

Why do we need your credit card for a free trial?

We ask for your credit card to allow your subscription to continue should you decide to keep your membership beyond the free trial period.  This prevents any interruption of content access.

Your card will not be charged at any point during your 21 day free trial
and you may cancel at any time during your free trial.

preloader