Fake job application with malicious links or attachments
Summary: Scammers submit fake job applications containing resumes as either external links or email attachments. The links may lead to malicious websites, while attachments may contain malware. Once clicked or opened, these links and attachments can install malware, steal login credentials, or give attackers access to sensitive company data.
Tactic used: Exploiting expected recruitment behaviours. Scammers pose as candidates applying for a job and submit realistic applications, complete with resumes and cover letters. Scammers may disguise malicious links as fake online CV hosting services or portfolio platforms to build credibility, or hide malware within common file types such as PDF, DOCX, or ZIP as attachments. Scammers bypass suspicion by exploiting the expectation that candidates send documents or share portfolios online.
Top recommendations:
Avoid clicking on external links referencing to unfamiliar services or platforms, or opening suspicious attachments.
Use secure, company-approved portals for receiving resumes and other application materials, which would be configured to scan all application files with up-to-date antivirus and endpoint protection tools.