
SECURITY ALERT: Come for the Jobs, Stay for the Malware
Banks, credit card companies, and insurance companies are among the standard targets for cyberattacks, but job sites? Yes. In another sign that hackers are always looking for new targets, LinkedIn has confirmed that users’ data could have been stolen and their systems potentially compromised after they responded to a potentially “too good to be true” job opportunity.
The North Korean hacking group Lazarus has infiltrated LinkedIn in a number of ways. They have posted fake job opportunities (many citing remote opportunities as a way to draw in American employees recently required to return to the office full-time) that then asked applicants to submit resumes, complete fake coding tests, or even download interview software (infected with malware). By targeting those in high-profile industries like defense, technology, and engineering, they are able to reach candidates who have had access to sensitive or even classified data. They then either steal information by infecting the candidates' machines with malware or essentially talk the information out of applicants using simple social engineering methods.
Security experts note there is no tried-and-true method for identifying a fake firm, especially with all the automation involved in job hunts today, but here are a few tips to keep you safe and mitigate your vulnerabilities:
1. Ignore ads with poor grammar, lots of typos, or vague job descriptions.
2. Don’t rely on the LinkedIn profile/career page alone. Do some research online to confirm this company is who they say they are.
3. Ask around. If no one in your network has heard of this company, it may be a scam.
4. Don’t send your resume to an unvetted company. (And even when sending to fully vetted companies, never include sensitive information.)
5. Don’t click any links embedded on the site or in communications from the company.