Screen Shot 2020 08 06 at 5 56 43 AM 1 1024x451 1

In this attack, malicious actors pose as job recruiters to lure victims into an over-the-phone scam.

Quick Summary of Attack Target

Platform: Office 365
Email Security: Office 365
Mailboxes: 15,000 to 50,000
Payload: Text/Vishing
Technique: Impersonation

What was the attack?

Setup: With unemployment on the rise, attackers are exploiting individuals in search of new positions. This attack makes use of targeted social engineering techniques, combining email and mobile platforms, to reap information from recipients.  

Screen Shot 2020 08 06 at 5 56 43 AM 1 1024x451 1

Email Attack: The attack impersonates an email from a recruiter at a non-specified career website. It appears to be directed to the recipient specifically. It is well written, and contains pleasantries, a brief description of the job requirements, the pay, pay schedule, conditions, and the HR contact. All details with the exception of the company that the job is actually for. At the conclusion of the email, the recipient is directed to reply to the given email with their phone number. 

Payload: The body contains an email that supposedly belongs to the HR manager in charge of the job posting. The attacker requests the recipient respond to the email with the recipient’s actual phone number, where the attacker can then attempt to solicit personal information.

Result: The practice of  luring victims into a scam performed over telephone is known as Vishing (Voice + Phishing). If the recipient responds to the email with their personal contact information, attackers can use it for another step in an attack on this recipient, for the purposes of a scam, or potentially to launch an attack on other individuals with whatever information is divulged. We don’t know exactly what direction this attack will take, but recipients will want to avoid passing along any information.

Why is this attack effective?

Screen Shot 2020 08 06 at 5.54.25 AM 1 1024x526 1

Urgency: The job landscape is rapidly shifting during the pandemic and employees are uncertain whether they will remain employed. Along with this shift, employees are seeking other positions in more favorable locations. When presented with this opportunity, it is easy to miss details that point out red flags such as the company represented being missing and rush to contact the job poster. 

Convincing Email: Despite the vague origin, the email is crafted convincingly. Everything from the format, grammar, and context are written in such a way that makes the recipient believe the email request is sound.

The post Abnormal Attack Stories: Job Recruiting Scam appeared first on Abnormal Security.