Job postings as phishbait.
By Tim Nodar, CyberWire senior staff writer
Oct 23, 2023

You want communication to be frictionless, but that unfortunately lets the bad actors slide by, too.

WithSecure is tracking a cluster of Vietnamese cybercriminal groups that are using phony job postings to distribute malware-laden documents: “WithSecure Detection and Response Team (DRT) detected and identified multiple DarkGate malware infection attempts against WithSecure Managed Detection and Response (MDR) customers in the UK, US, and India. It rapidly became apparent that the lure documents and targeting were very similar to recent DuckTail infostealer campaigns, and it was possible to pivot through open source data from the DarkGate campaign to multiple other infostealers which are very likely being used by the same actor/group.”

The criminals are primarily interested in stealing information and hijacking Facebook Business accounts.

Business is attractive chum.

Easy to join, and generally trusted by those who do, business-centric social media platforms are attractive to social engineers interested in preparing their phish. Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, said in emailed comments, “LinkedIn is rife with fake accounts trying to gain access to companies or steal money. I personally get a few fake LinkedIn profile messages a week. I recognize them pretty quickly, and it's unfortunate that LinkedIn can't do the same as accurately and timely, but it's a tough job at scale.”

The challenge here is complicated by the legitimate desire to keep customers happy. “It's tough to do right and not end up disabling legitimate accounts. That's the perennial problem for the large social media vendors, how to detect and eradicate malicious profiles and activity while not making your legitimate user base mad.”

“It's a balancing act,” Grimes says, and it’s difficult to strike the right balance. “[T]he vendors very much fear making too many customers mad, because customers have a choice of social media platforms where they can hang out. Yes, making customers upset by allowing too many fake profiles to exist is a problem, but isn't as bad as wiping out too many legitimate accounts. The former problem is often tolerated by customers as an expected evil they have to live with, but the latter situation is more likely to make them leave the platform forever. So, social media vendors trying to balance eradicating maliciousness against not making legitimate users mad have to live with allowing some amount of maliciousness to exist in their ecosystem. It's a tough problem.”