North Korean state-sponsored hackers disguising themselves as recruiters from Samsung sent bogus job announcements and offers to employees at security companies residing in their southern counterparts.
These organizations sell anti-malware software, and Google highlighted the situation in their first edition of its new Threat Horizons report, which is a newsletter that provides threat intelligence to those in the cloud. “The emails included a PDF allegedly claiming to be of a job description for a role at Samsung; however, the PDFs were malformed and did not open in a standard PDF reader,” Google said.
This serves as a reminder to cleared candidates to be cautious, and to cleared recruiters to make your presence well-known and upfront when reaching out to candidates, especially as we enter the holiday season where phishing scams are at an all-time high.
BEST RECRUITING PRACTICES WITH ONLINE THREATS
These five practices can help make it clear to your candidates that you are trustworthy.
- Reach out to candidates on trusted platforms like ClearanceJobs
- Include contact information and ALL ways that candidates can reach out (name, email, phone number including available by ClearanceJobs voice, message, email, text, or call).
- Ensure you don’t have any typos in your communications – that can be a red flag with scams.
- Follow up on an unanswered email with a ClearanceJobs message or voice chat, letting them know you hope you didn’t end up in their spam!
- Share your own best practices and tips in content online if it fits in with your recruiting brand (if you’re recruiting cybersecurity professionals, for example, the content will resonate with them).
The Google Threat Analysis Group (TAG), the team that identified the malicious communications, credited the recent incident to the same North Korean hackers that targeted security researchers on social networks from late 2020 throughout this year.
Your company, and you as an individual online, should be actively working to improve your cyber hygiene while avoiding hacking attempts from groups like these. It’s unfortunate that recruiters have yet another entity to compete with in addition to other cleared recruiters: the foreign adversaries.