As businesses look for staff to fill casual roles over the holiday season a scam has emerged targeting HR professionals with fake job applications.
Emails are being sent to employers masquerading as job applications, which contain fake resumes that can infect computers.
MailGuard says it has intercepted a “large run” of the emails over the last few weeks, containing a wide variety of different sender names and subject lines.
The body of the email generally informs the reader the sender is interested in a position and their resume is accessible, so long as a “password” is entered.
Get daily business news.
The latest stories, funding information, and expert advice. Free to sign up.
Entering the password initiates a download of malicious software.
Several examples of subject lines include: “application”, “job application”, “regarding job”, “job”, “hiring and regarding position”.
Cyber security expert and chief executive of the International Cyber Resilience Institute Andrew Bycroft says scammers often target businesses in the lead up to the holiday season.
“They know when we are likely to let down our guard because we are simply too busy and take shortcuts because of time pressures,” he tells SmartCompany.
“With the holiday season fast approaching many retailers, for example, are looking for casual workers to address the busy shopping period and extended shopping hours and could fall victim to ‘job application response’ scams.”
Bycroft advises businesses to invest in antispam protection and to disregard unsolicited job applications altogether.
“Communicate to the entire company to pause and think at this time of year. Be extra vigilant. There are lots of scams and though this may be the time for giving, you don’t want to be giving to cybercriminals,” he says.
The job ad scam isn’t the only holiday season-focused cybercrime doing the rounds either.
An ongoing email scam trying to trick businesses processing packages with DHL has also reared its head again this year.
The fake emails pretend to be DHL shipping documents but take users to fake sign-in pages which harvest their usernames and passwords.
In a statement on its website, DHL has warned customers about the scam and advises businesses to double check the legitimacy of emails.
“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus,” the company said.