Cybercriminals often target Software engineering roles because of their job mobility and privileged access. It's possible you'll never meet someone in person who has such high-level access to systems and data!
You're Hired!
- Engineering Roles as Targets: Cybercriminals are increasingly targeting engineering roles due to their job mobility and privileged access. These roles are seen as honeypots for exploiting weaknesses within the hiring process.
- Fake Employee Scheme: An example is provided where a fake employee named "Kyle" attempted to install malware upon joining a technology provider on day one! This attack involved a fake CV, AI-manipulated headshot, and stolen social security number by a North Korean state operative.
- Job Application Scams: Cybercriminals exploit job application processes by engaging applicants in downloading documents with malicious links or software.
- Targeted Roles: Engineering roles are the most targeted (64%), followed by finance (12%), HR (10%), IT (10%), product (2%), and others (2%).
- Shared Inboxes: To increase the victim pool, attacks are often sent to shared mailboxes (52%) and individual inboxes with delegate functions (21%).
It's imperative to deploy email phishing protection and employee training to protect against such scheme and targeted attacks. Various features such as realistic phishing simulations, adaptive learning paths, and detailed reporting to help organizations effectively train their employees and protect against phishing attacks.
Please contact us for a free cybersecurity and phishing assessment.
Source: Jack Chapman, Kb4