Hackers send almost 4,000 fake job offer emails every day: report

Cybersecurity firm Proofpoint released a new report Tuesday about fake job emails being sent by threat actors, noting that they are seeing nearly 4,000 similar phishing emails each day. 

Threat actors are using the promise of easy money to steal personal data or trick victims into committing money laundering.

“These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly,” Proofpoint vice president Sherrod DeGrippo said. 

“They are very concerning for universities especially, and Proofpoint detects and blocks thousands of employment fraud threats weekly that could harm their students and faculty.” 

Proofpoint shared specific examples that included fake job offers from United Nations Children's Fund (UNICEF) and fashion brands like Zaful and Fashion Nova. The phishing emails all have legitimate-looking corporate branding, compromised/spoofed university addresses, Google Forms, fake checks and more.

Proofpoint noted that the cybercriminals are exploiting the massive employment changes brought on by the COVID-19 pandemic to lure job seekers into clicking on malicious emails and links. 

Many of the emails seen by Proofpoint experts feature threat actors posing as recruiters or employers offering jobs ranging from caregivers to administrative assistants, models, or rebate processors.

“Some may initially start by collecting money allegedly for administrative fees or passport services, but that's typically done to weed out applicants and is not usually the end goal. Additionally, participation in these schemes could result in a victim facing criminal charges for working as a money mule,” Proofpoint explained. 

“Of the job themed threats recently identified by Proofpoint, nearly 95% are targeted to educational institutions, mainly colleges and universities. Although most targets are in the United States, threat actors occasionally target European and Australian entities as well.”

They noted that recent FBI reports have found that victims of these attacks lost a combined total of at least $62 million in 2020. 

In one case study, Proofpoint researchers observed a threat actor spoofing a university email address and offering an executive personal assistant role at UNICEF.

The email referenced a COVID-19 relief program and had a link to a Google Form that asked people to enter their information. 

After the researcher shared their information in the Google Form, the threat actor emailed them and sent several fake cashier checks before asking for money in return. 

In January, UNICEF released a warning about these kinds of job offer scams, noting that they never charge fees during the recruitment process and will never request banking information. Proofpoint shared similar guidance, noting that no job will send payment before an employee’s first day. 

Last week, Google released a security report highlighting that North Korean threat actors were running a similar scam, using fake job offers to spread malware at 10 different news outlets, domain registrars, web hosting providers and software vendors.