CareerBuilder listings used as Phishing platform

less than 1 minute read

phished

Researchers at Proofpoint recently discovered a Phishing campaign that originated from select job postings on CareerBuilder.

Companies seeking applicants allow them to send resumes. Someone figured out how to upload files that install viruses in a staged attack. The brilliant part of it is that most companies using CareerBuilder will also whitelist attachments from CareerBuilder, and are expecting to get attachments from unknown people, making a (spear-)phishing attack that much easier.

Source: CareerBuilder listings used as Phishing platform | CSO Online