Yes, cyber security in recruitment is a genuine concern! Millions of people are currently searching for a new job, and employers are having difficulty finding the right people.
Whether it’s a complete career change or a new position in the same area of expertise, it’s estimated that a significant portion of the global workforce is actively seeking new opportunities at any given time. This includes those unemployed, underemployed, or looking to change fields entirely.
Job seekers and recruiters are prime targets for cyber criminals. For hiring teams, the valuable personal and organizational data under their care makes them attractive targets. For people searching for new employment, eagerness can lead them to submit their private information to potential companies. If a bad actor posing as a hiring committee goes so far as to conduct fake interviews and even offer you a nonexistent role, they can then request highly personal information like your financials and Social Security Number!
Whether you’re looking for a new job or looking for a new candidate, everyone needs to know how threat actors are impacting both sides of the job market. Here’s how both parties can stay safe during their employment search and recruitment processes!
How Job Seekers Are Targeted
Cyber criminals send job seekers fake job offers or application forms, tricking them into providing personal information or downloading malware. Fraudulent job postings can even appear on legitimate job boards or social media platforms, which adds to the false sense of validity.
They can also target a specific candidate or demographic by gathering information from your social media profiles. Learning more about you as a target allows these spear-phishers to craft highly personalized and convincing “recruitment” emails. Just like any other genre of phishing scheme, it’s essential to recognize, avoid, and report odd messages and suspicious users.
Remember, actual job postings:
- Come from professional email addresses and domains (e.g., NOT @yahoo.com).
- Contain well-written, error-free messages.
- Never ask for payment for applications, training, or background checks.
- Include detailed job descriptions and requirements.
- Have consistent branding and logos that match the company’s official materials.
- Provide verifiable contact information, including a company website and phone number.
- Conduct interviews, either in person or virtually, before making an offer.
- Come from companies that have reviews and a professional website where you can find information about the company online.
- Do not ask for sensitive personal information (like your Social Security number or bank details) early in the hiring process.
You should also make use of resources like the Better Business Bureau or online scam databases to verify the legitimacy of the job offer. Remember to research companies before you apply or accept any offers!
How Recruiters Are Targeted
Threat actors also plague people who are hiring. Recruiters represent a trove of company information usually shielded behind a robust professional network. Contacting them is a rare opportunity for the public to interact directly with a high-clearance individual.
Exploiting this loophole, cyber criminals will send resumes with embedded malware; when recruiters open these documents, their systems get compromised. The bad actor can then attempt to break further into the network. This is just one example of why network segmentation is an important aspect of your professional cybersecurity strategy. Network segmentation essentially means keeping different parts of the company systems apart from each other. If one part gets sabotaged, the rest of the data remains untouched.
Here’s how you can protect yourself and your company while searching for your next candidate:
- Post job openings on verified and reputable job boards to reduce the risk of encountering fraudulent applications.
- Always verify the authenticity of candidate information through multiple sources.
- Communicate through secure, encrypted, and official channels, and avoid using personal email addresses.
- Be cautious of unsolicited applications, especially those with attachments or links. If you posted on LinkedIn, for example, then applicants shouldn’t be contacting you directly.
- Look out for red flags such as poor grammar, urgent requests, or inconsistencies in the candidate’s information. (These are bad qualities in a candidate, anyway!)
- Perform thorough background checks on candidates before proceeding with the hiring process.
- As a recruiter, take your training seriously as you learn to recognize phishing attempts and malicious attachments.
- Report any suspicious activity to the relevant authorities and job platforms.
- Keep up-to-date with the latest phishing scams and cybersecurity best practices to protect your organization.
Let’s consider a real cyber threat targeting job recruitment teams to demonstrate why our vigilance is tied in with our cyber safety: The FIN6 Cybercrime Group has been known to target recruiters by sending seemingly legitimate job applications containing malicious URLs or attachments. Once these are opened, the attackers gain control over the targeted systems.
No matter which side of the hiring process you’re on, it’s essential to maintain up-to-date security software to detect and block malware on all your communication devices.
By staying vigilant and adopting these security practices, both job seekers and recruiters can significantly reduce the risk of falling victim to any cyber crime that comes their way.
Commonwealth Sentinel is here to help you navigate the ever-evolving and growing cyber security threats we all face. We can evaluate your existing IT security and work with your team to improve it. At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things. Contact us today or sign up for a free consultation.