Will this discovery make you more skittish about reading digital resumes?
Threat researchers at the IT security provider Proofpoint Inc. recently discovered that CareerBuilder was used to attack employers with a phishing scheme.
The unknown attacker responded to job postings by submitting fake resumes that were loaded with malware.
CareerBuilder would then notify the employers with an email that included the malware-laden resumes.
If you’ve ever posted a job on CareerBuilder, you know what these emails look like and just how effective an attack like this would be. After all, the email would be coming from a trusted source — CareerBuilder — so you may not think twice before opening it and the attached resume.
What’s more, some recipients of emails like this from career sites may not think twice about forwarding them — and the attached resumes — along to colleagues, thus multiplying the damage.
Should you be worried?
The extent of the damage appears to be pretty minimal, as Proofpoint said it detected fewer than 10 emails that were sent containing the malware, and it notified CareerBuilder immediately.
It then went on to say that CareerBuilder “took prompt action to address the issue.”
The malicious attachments were Microsoft Word documents named “resume.doc” and “cv.doc.”
Proofpoint hinted that the reason the attack was so small likely had something to do with the fact that the attacker had to set up a fake profile and apply to the job ads to unleash the harmful files — actions that were surely time-consuming.
The troubling part, however, is how effective attacks like this can be. As security news site CSO points out, in a typical phishing email attack, only about 23% of recipients will open a given message — and of those, only about 11% will click on the harmful links within those messages.
But those figures wouldn’t apply to an attack like this, in which the instigator sent the messages using a vetted and trusted source. In an attack like this, open and infection rates would be sky high.
Something to think about: CSO Senior Staff Writer Steve Ragan surmises that this attack was just a trial run, and the attacker may now look to initiate the same scheme using other career websites that function similarly to CareerBuilder.
What should employers do?
Your next course of action: Don’t panic.
Career sites like CareerBuilder were alerted to the threat early, and are no doubt working on beefing up their security. Proofpoint even offered suggestions for how these sites can better protect themselves and their customers.
Some of the suggestions offered to career sites:
- Scan the documents as they’re uploaded for malware, and
- Export the documents’ contents to a Web portal and send secure links to the listing organizations.
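As an added illustration of those two suggestions (example code written for this page, not anything Proofpoint or CareerBuilder published), the Python below gates a resume at upload time and then notifies the employer with a portal link instead of the file itself. The OLE2 and zip signatures are the real container headers for .doc and .docx; the VBA-storage check is a generic document-malware heuristic, not a claim about what this campaign's files contained; the portal hostname and the hash blocklist are assumptions.

```python
import hashlib
import secrets

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc (Compound File) header
ZIP_MAGIC = b"PK\x03\x04"                         # .docx is an OOXML zip container
# OLE directory names are UTF-16LE; a "VBA" storage means the document carries macro code.
VBA_STORAGE = "VBA".encode("utf-16-le")


def fingerprint(data: bytes) -> str:
    """SHA-256 of the upload, used for the (assumed) known-bad blocklist."""
    return hashlib.sha256(data).hexdigest()


def scan_upload(filename: str, data: bytes, known_bad: set) -> tuple:
    """Decide what to do with a resume before any employer ever sees it."""
    ext = filename.lower().rsplit(".", 1)[-1]
    if ext not in ("doc", "docx"):
        return "reject", f"unsupported type .{ext}"
    digest = fingerprint(data)
    if digest in known_bad:
        return "quarantine", f"sha256 {digest[:12]}... is on the blocklist"
    # The extension must match the container actually uploaded.
    if ext == "doc" and not data.startswith(OLE2_MAGIC):
        return "reject", "extension .doc but not an OLE2 container"
    if ext == "docx" and not data.startswith(ZIP_MAGIC):
        return "reject", "extension .docx but not a zip container"
    # Generic heuristic: a legacy .doc with a VBA storage gets held for analysis.
    if ext == "doc" and VBA_STORAGE in data:
        return "quarantine", "legacy .doc contains a VBA macro storage"
    return "accept", "passed container and macro checks"


def build_notification(employer: str, job_id: str, filename: str, store: dict) -> str:
    """Second suggestion: send a link into the portal, never the document itself."""
    token = secrets.token_urlsafe(24)              # unguessable, single-purpose reference
    store[token] = {"employer": employer, "job_id": job_id, "file": filename, "views": 0}
    return (f"New application for job {job_id}. "
            f"View the resume in the portal: https://portal.example.invalid/r/{token}")
```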
As for employers, the prime target of the threats: If you’re worried CareerBuilder and the other job-posting sites that you use won’t be able to stop these kinds of attacks, it couldn’t hurt to have a chat with your IT department to see what it recommends.
The last thing you want to do is put a candidate search on hold or miss out on a superstar because you were too afraid to open up his or her resume.
Info: For more details on the attack and the malware used, here’s Proofpoint’s complete breakdown.