Cybercriminals are targeting college students with fake job offers in the bioscience and health industries with the hope of extracting fees out of victims, experts are warning.
Researchers at the cybersecurity company Proofpoint uncovered the campaign, which targeted university students in North America in May and June — graduation season — using job-themed scam emails. The emails came from addresses related to organizations in bioscience, healthcare, and biotechnology.
The emails included interview requests for remote data entry jobs and often came with PDF files attached that outlined the specifics of the job. While Proofpoint was not able to confirm what was requested during the interviews, the campaign is part of a larger trend called advance fee fraud, where scammers trick victims into paying a fee in advance.
Proofpoint said it has seen this kind of fraud using biotech lures going back to March but noted that these kinds of fraudulent job offer emails have been a go-to tactic for scammers for years.
An example of an email sent by cybercriminals to unsuspecting applicants.
“Job scams prey on people looking for work and will typically offer a job while simultaneously requesting payment for things like equipment or other items they say are needed for the role,” said Selena Larson, senior threat intelligence analyst at Proofpoint.
“These scammers employ social engineering that takes advantage of a person’s excitement or desire about getting a new job, and subsequently steals their money.”
The scams are even more dangerous right now amid layoffs by several tech giants, which have impacted thousands of workers, the researchers noted.
Universities have long been a ripe target for these kinds of scams because students are often eager to find work when they leave school and are more open to remote work or job offers delivered through email.
Proofpoint warned that international students and even some native English speakers may not recognize the tell-tale signs of scam emails – like fraudulent email addresses and strange requests for advance payment.
Examples of PDF files describing the various purported companies and job opportunities.
Some of the emails obtained by Proofpoint come from addresses like [email protected][.]com while having subject lines with titles like “re: interview” or “interview invite.”
The emails often spoofed the names of real people at genuine companies that could be found on LinkedIn. Proofpoint noted that in one situation, someone warned on their LinkedIn page that scammers had been using her profile in these types of scams.
The attachments to the emails contained a list of hardware and software requirements for employment that typically cost a total of $7,000.
Proofpoint theorized that either the scammer would ask the victim to pay for the supplies upfront and offer to reimburse them in their first paycheck or provide a fake check that would bounce when used.
“These are typical behaviors for threat actors perpetrating employment fraud. In some cases, the actor may also ask for cryptocurrency payments to cover the ‘shipping expenses’ of items they are supposed to purchase,” Proofpoint researchers said.
“While most of the observed threats associated with this cluster were bioscience, biotechnology, and health themed, Proofpoint has also observed other themes that follow similar tactics, techniques, and procedures.”
Proofpoint warned that employers will never ask prospective employees to pay for things upfront or offer paychecks before a person starts work.
While Proofpoint did not attribute the campaign to a specific group, both financially motivated cybercriminals and state-backed groups have launched similar attacks in the past.
Experts warned last year that North Korean operators were bombarding people with emails about fake job opportunities at prestigious firms or fictitious salary increases as a way to get people to open emails carrying malware that enables the group to steal cryptocurrency.
Video game giant Riot Games filed a lawsuit last year claiming that a team of scammers “undertook an extensive, coordinated, and highly sophisticated fraud scheme” that lured eager professionals into handing over banking information and other sensitive data by dangling fraudulent job postings and interviews with fake human resources representatives.
Similar scams have been reported by Biogen, Vox Media, Harvard University and many others.
The FBI has repeatedly warned in the past few years of fake job advertisements used to lure applicants into scamming operations in Southeast Asia.
Recorded Future
Intelligence Cloud.
Learn more.
Jonathan Greig
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
Credit: Source link