A new phishing scam has been identified that targeted job seekers who may have been interested in jobs with NATO, and it may have been successful at obtaining personal information from those who applied.
The scam was identified by Webroot and consisted of convincingly disguised emails that looked to be from NATO’s Human Resources Division, which listed numerous NATO job openings. If a person was interested in applying for any of the positions, they were instructed to fill out phony NATO employment application and interview forms. Both forms required the applicant to submit personal and sensitive information including: name, address, telephone and cell phone number, email address, marital status, date of birth, information on their children, education, other skills, employment history, and much more.
“The Employment Application Form requires details on the security clearance, level and expiration date of the prospective employee, as well as details on whether or not an application has any civilian or military relatives, currently working for NATO,” said Dancho Danchev, CEO at Stealth Startup and cybercrime researcher. “Needless to say that someone’s looking for the very best in sensitive and personally identifiable information, from the socially engineered prospective employees.”
Once applicants fill out the forms, they receive a response from the fake NATO that invites them to “contact Director of training institute via email: (training@nspa-nato.int.tf or training@usnato-hr.org) For Registration and Training details.”
Danchev said the domains usnato-hr.org and spa-nato.int.tf share the same IPs as other fake domains that impersonated PayPal, the FBI, eBay, and others and that were redirecting to sites hosting the Blackhole exploit kit.
Danchev posted copies of the fake NATO Employment Application Form and faux NATO Interview Form.