Should You Trust Online Resumes
Computer hackers keep coming up with new ways to spread their malware. The latest ploy used the resume-posting site CareerBuilder as a launching platform to get malicious programs into the computers and onto the servers of companies looking for employees through that site. According to IT security provider Proofpoint Inc., this is anticipated to have been a trial run, and other similar sites will also be targeted by the phishing scheme.
Here’s how the attack worked. An anonymous person posted a resume to the job site. The resume was in MS Word Rich Text Format (RTF) and had malware routines hidden within an included JPEG. Depending on the type of job that was being sought and the “qualifications” of the applicant, CareerBuilder would disperse those resumes via email to companies looking for certain types of applicants. The infected images were not detected because most anti-virus security programs do not scan JPEGs. Recipients would also be less likely to be suspicious of an image. Even security specialists checking potential incidents would not suspect that image files were hiding the malware they were seeking.
Since the emails came from CareerBuilder, a trusted source, recipients had no reason to suspect that malware would be included in the resume. Companies would open the resumes, which would begin the attack. In fact, the human resource departments of the companies that received these emails would forward them to other departments with the original resumes attached. The resumes were tailored to target jobs in engineering and finance, including “business analyst,” “web developer” and “middleware developer.”
Small-scale attack
Proofpoint informed CareerBuilder as soon as the scheme was discovered; fewer than 10 emails containing the malware were distributed. Proofpoint went on to say that CareerBuilder “took prompt action to address the issue.” The malicious attachments were MS Word documents named “resume.doc” and “cv.doc.”
One possible reason for the relatively small-scale attack is that a fictitious profile had to be established, and the jobs had to be applied for directly. This would be time-consuming and labor-intensive.
High rate of success
Most phishing attacks have a low success rate: only 23 percent of people who receive a phishing email will open it, and only 11 percent of those who do will click on the link in the email leading to the malware. However, since these emails came from a vetted source, the rate of infection would be extremely high.
Dealing with these emails
If you’re a recruiter, you need to be careful, but don’t over-react. Proofpoint contacted other similar sites, and those companies have most likely amped up their security and warned their customers.
Proofpoint also offered suggestions to these career websites. Resumes should be scanned for malware when they are uploaded. The documents could also be exported to a remote site, with links to the resumes sent to potential employers instead of the documents themselves.
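To make the "scan at upload" suggestion concrete, here is an added example (not code from Proofpoint, CareerBuilder or the original article) of the kind of triage check a job site could run on a submitted file before it is ever mailed to an employer. It sniffs the real container format from magic bytes rather than trusting the file extension, and for RTF content it counts the control words that introduce embedded binary payloads (pictures, OLE objects, raw binary runs), which a plain-text resume has no reason to carry. The function names, the sample RTF bytes and the ".doc" filename are all constructed for this illustration.

```python
import re

# Constructed sample: a minimal RTF document that embeds a JPEG picture and an
# OLE object, submitted under a ".doc" filename (as in the incident described).
# The hex after \jpegblip is just a JPEG/JFIF header, not a real image.
CONSTRUCTED_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}"
    rb"\f0\fs24 Jane Doe, Business Analyst\par"
    rb"{\pict\jpegblip\picw100\pich100 ffd8ffe000104a464946}"
    rb"{\object\objemb{\*\objdata 0105000002000000}}"
    rb"}"
)

# Constructed sample: a text-only RTF resume with nothing embedded.
CONSTRUCTED_CLEAN_RTF = rb"{\rtf1\ansi\deff0 Jane Doe, Web Developer\par}"

# RTF control words that start binary payloads: pictures, OLE objects, raw binary.
RISKY_CONTROL_WORDS = (b"\\pict", b"\\object", b"\\objdata", b"\\bin")


def sniff_format(data: bytes) -> str:
    """Identify the container by its leading bytes, ignoring the extension."""
    if data.startswith(b"{\\rtf"):
        return "rtf"
    if data.startswith(b"\xD0\xCF\x11\xE0"):
        return "ole2"   # legacy binary Word .doc (compound file)
    if data.startswith(b"PK\x03\x04"):
        return "ooxml"  # .docx zip container
    return "unknown"


def count_embedded_objects(rtf: bytes) -> dict:
    """Count risky RTF control words; keys are the control words found."""
    counts = {}
    for cw in RISKY_CONTROL_WORDS:
        # A control word ends at the first non-letter, so \pict does not match
        # \picture-like spellings and \bin still matches \bin100.
        pattern = re.escape(cw) + rb"(?![a-zA-Z])"
        n = len(re.findall(pattern, rtf))
        if n:
            counts[cw.decode()] = n
    return counts


def assess_upload(filename: str, data: bytes) -> dict:
    """Return a triage verdict for one uploaded resume: 'accept' or 'quarantine'."""
    fmt = sniff_format(data)
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "doc" and fmt == "rtf":
        # Word opens RTF regardless of extension; a mismatch is worth a flag.
        findings.append("extension .doc but content is RTF")
    if fmt == "rtf":
        for cw, n in count_embedded_objects(data).items():
            findings.append(f"{n} x {cw} embedded payload")
    if fmt == "unknown":
        findings.append("unrecognised document format")
    # OLE2 and OOXML files are passed through here; they need their own
    # parser or a sandbox, which this RTF-focused check does not provide.
    verdict = "quarantine" if findings else "accept"
    return {"filename": filename, "format": fmt,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for name, blob in (("resume.doc", CONSTRUCTED_RTF),
                       ("cv.rtf", CONSTRUCTED_CLEAN_RTF)):
        print(assess_upload(name, blob))
```

A check like this is a cheap first gate, not a replacement for antivirus or sandbox detonation: it tells the site which submissions deserve a closer look before any employer sees them, and it still lets an ordinary text resume through.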
Employers are encouraged to discuss the situation with their own IT security team to develop a course of action. Excellent employees are too valuable to slip through the cracks because you feared their resumes might be infected.