Skip to main content

Double-check that job posting — hackers are spreading malware through them

A new phishing scam has surfaced that is showing how sophisticated bad actors are becoming in tricking unsuspecting victims into giving up their personal information.

The latest cyberattack is centered around the job listing website, Indeed. Hackers send out an email spoofing an employment opportunity from the website. Once you click the link, it will send you to a Microsoft 365 login page to enter your credentials. From here you’re not suspecting anything unscrupulous, but the next time you attempt to log into your Microsoft 365 account, you will find that not only are you getting an error message that the information is incorrect, but that your account is no longer available.

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Researchers at Menlo Security have observed this phishing scam, which is being targeted at U.S. executives in industries including electronic manufacturing, banking and finance, real estate, insurance, and property management, according to Bleeping Computer.

The cyberattack has been so seamless it has been able to evade multifactor authentication on Microsoft 365 accounts through a method called cookie stealing. This tactic is used to swipe the cookies from well-known websites and mimic their designs. By hacking recent web sessions of programs that are not commonly refreshed, bad actors that replicate pages can look identical to pages of common websites. Cookie stealing was also developed as a bypass for multi-factor authentication. If you have the security feature set up on your account, you would likely input it yourself, having visually deemed the website to be trustworthy.

Researchers began noticing cookie stealing attacks in 2022, targeting several major brands, including Google Chrome, Amazon Web Services (AWS), Azure, Slack, and Electronic Arts.

The hackers in this case used a platform called EvilProxy to execute their cookie stealing and fashion a page that looks like an authentic Microsoft login page. Multifactor authentication is commonplace for Microsoft 365 so users will have some form set up.

The addition of the Indeed email makes this phishing scam especially complex because opening the link triggers an open redirect, which is a weakness that allows the bad actor to direct you to their nefarious website after clicking on a seemingly legitimate link.

This isn’t the only phishing scam plaguing Microsoft services in recent times. Last month, for example, a team of hackers was able to infiltrate Microsoft Teams to execute a phishing scam called “DarkGate Loader.” The scheme centers on a bogus Teams message about “changes to the vacation schedule,” but contains intricate hidden malware when downloaded. Cybersecurity researchers uncovered that hackers were able to access Teams through compromised Office 365 accounts and even found the unsecured email addresses they were able to take over.

Ongoing spam and cybercrime have prompted email providers, including Gmail and Yahoo to set into place requirements for bulk senders as security measures. These requirements include email authentication, the ability to easily unsubscribe, and email assurance, and will be set in place starting February 1, 2024. Google said many of the requirements largely play as basic email hygiene but are being set forth with the aim of making it an industry standard.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
Hackers target your holiday shopping with new phishing scam
Woman using a laptop next to a latte.

It's easy to get fooled by this new and devious, holiday-themed phishing attack that offers free prizes. But the old caution that “if it sounds too good to be true, it probably is” continues to be proven correct in this case.

What makes this trick so effective is the elaborate methods used to conceal its nefarious purpose and to reassure you, the potential victim, that it’s perfectly OK to proceed. This phishing attack has actually been active since September and is ongoing, targeting holiday shoppers seeking special offers.

Read more
Hackers are infiltrating news websites to spread malware
A black fedora rests on top of newspapers infected with spreading green lines..

Some alarming news broke today that hundreds of U.S. news websites are unwittingly playing a big role in a new malware campaign that's disguised as a Chrome browser update. This is quite a devious attack method since it's considered an important security practice to update your browser as soon as possible.

The way hackers are delivering the malware is also clever. It’s coming via an advertising network that also supplies video content to newspaper websites across the nation. It’s difficult to identify and shut down this attack because it is applied intermittently. According to a tweet by the security research team Threat Insight, the JavaScript code is being changed back and forth from the normal harmless ad delivery script to the one that includes the hacker code that shows a false update alert.

Read more
Hackers are using fake WordPress DDoS pages to launch malware
A digital depiction of a laptop being hacked by a hacker.

Hackers are pushing the distribution of dangerous malware via WordPress websites through bogus Cloudflare distributed denial of service (DDoS) protection pages, a new report has found.

As reported by PCMag and Bleeping Computer, websites based on the WordPress format are being hacked by threat actors, with NetSupport RAT and a password-stealing trojan (RaccoonStealer) being installed if victims fall for the trick.

Read more