Applying for a job? Be careful what you share on social media

Cybercriminals have moved on to attacking job seekers and new employees as soon as they announce a new job or notable achievements on social media.

Stephen Osler, co-founder and business development director at Nclose said criminals target newcomers, seizing the opportunity to deceive them immediately.

“Sharing our achievements on social media is essential, but safeguarding against cyber threats is paramount. Stay vigilant. A proactive approach to security is key in today’s digital landscape.”

Job-seekers and Employees at risk

He recalls one of the attacks a new employee experienced. The person had just shared their excitement on LinkedIn about starting a new job, but that opened a pathway for scammers to flood the new employee’s email with fraudulent emails.

This can also mean jobseekers who openly share their information on social media are prone to cyberattacks.

ALSO READ: Hackers out to get you? Here’s 5 tips to stay ahead

Employees at Nclose were flooded with emails from scammers pretending to be Osler with various requests. These scammers requested employees to buy vouchers on behalf of the company, with the promise of being paid back at a later stage.

“Then, the scammers asked the employee to send them the voucher codes, which essentially means that the money is sent to an untraceable location.”

Possible ways scammers use to attack

Cyberattacks are possibly on the rise, and Osler believes they are driven by organised cybercrime syndicates who prioritise social media reconnaissance in their open-source intelligence (OSINT) efforts.

These criminals not only exhibit sophistication and organisation but also leverage lead-generation tools that provide access to individuals’ personal email addresses and phone numbers.

ALSO READ: Gauteng warns of test result delays due to NHLS cyber attack

The recruits must also stay vigilant of these attacks as scammers can send them emails from the compromised business address of another company. Osler believes these types of attempts should be discussed more often at organisations, like they do at Nclose, to increase awareness and lower the chances of victims falling prey to fraudsters.

Mitigating the risk

Olser said mitigating the risk does not require avoiding social media or staying out of the news.

“As an individual, you naturally want to share your successes on social media. However, it is crucial to always prioritise security awareness within the organisation.”

For new employees, he recommends that companies consider starting training and awareness programmes with a security warning.

“This way, companies can inform new employees from the start about potential targeting and tactics used by cyber-criminals.”

ALSO READ: Six cybersecurity threats targeting children in 2024

He also recommends that organisations install all their internal security controls before giving out new laptops to recruits and remote workers. To reduce the risk of criminals exploiting job postings to target the company, HR and social media teams should undergo training to be extra vigilant.

“There is a risk of receiving malware hidden in a CV, for instance. Our advice is to create sandboxed environments and scan all attachments diligently to prevent any malicious content from entering the system.”