Recruitment Phishing Scam
A recruitment phishing scam that targets job applicants has impacted the recruitment division of CrowdStrike, an American cybersecurity technology company.
Cybercriminals have been impersonating CrowdStrike recruiters by email in order to deliver a cryptominer to victims’ devices.
The campaign starts with a phishing email that claims to be part of the firm’s recruitment process. The email invites the target to schedule an interview for a Junior Developer role by clicking on a link. This directs the victim to a malicious phishing site containing download links for a fake “CRM application.” Once a download link has been clicked, a cryptominer is downloaded onto the victim’s device. Cryptominers are malicious software designed to hijack a computer’s processing power to mine cryptocurrency. Cryptomining can cause affected devices to overheat, which can result in damage and shorten the devices’ lifespan.
CrowdStrike has warned job seekers to be vigilant and has said that it is aware of other scams involving false offers of employment.
What can job applicants do to avoid falling victim to fake interview and recruitment scams?
Beware of interview invitations that state an interview will be carried out via instant message or group chat.
If you are asked to download software for interviews, do not click the link until you have verified it with the recruiter.
If you are asked to purchase products or services, or process payments, as a condition of an employment offer, politely decline.
Verify the authenticity of a recruiter’s communications by contacting the recruiter directly through their website.
For more information on how to spot a phishing email, please see our blog How to Prevent Phishing Attacks.