The current economic climate globally is grim because of the ongoing recession. In this environment, job-themed emails have become a prime target for cybercriminals looking to exploit vulnerable individuals, according to cybersecurity company, Trellix. 

Trellix said its research centre has observed cybercriminals using phishing and malware campaigns to target job seekers in a bid to steal sensitive information. In phishing attacks, job seekers receive emails from fake companies or recruitment agencies, asking them to provide personal information or login credentials. 

Also read: Ransomware attacks dip but don’t let your guard down

These emails look legitimate but are designed to steal sensitive information, such as passwords or financial information. In malware campaigns, job seekers receive malicious attachments or URLs to websites that infect their devices with malware or download malicious software. The malware can then be used to steal sensitive information or to gain unauthorised access to the job seeker’s device.

The attackers are also targeting employers by posing as job seekers to exploit them by delivering malware through attachments or URLs that are disguised as resumes or identification documents of the applicant. This type of attack is becoming increasingly common as cybercriminals take advantage of the high volume of job applications that employers receive.

Also read: Number of records exposed in cyber attacks in 2022 sees a dip

The goal of these attacks is to gain unauthorised access to sensitive information, steal personal data, and disrupt the operation of the organisation, said the company. Trellix said its researchers have observed that more than 70 per cent of all job-themed cyberattacks were targeted toward the United States. 

The attacks were also observed in Japan, Ireland, the United Kingdom, Sweden, Peru, India, Philippines, and Germany to name a few, even though the percentage of attacks towards other countries was significantly lower than in the United States.