Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.
“The specific attack vector uses social engineering to manufacture a bureaucratic barrier regarding the candidate’s curriculum vitae (CV) and push the candidate toward taking actions such as reformatting their resumes for a fee…. The attacker’s technique involves falsely claiming that a candidate’s resume failed to meet the applicant tracking system (ATS) requirements. The ATS is an online tool designed to analyze resumes for proper formatting, structure, and keyword optimization, ensuring they pass automated filters before reaching human recruiters.”
The social engineering attacks involve manufacturing a crisis in the recruitment process, which “increases the urgency and willingness of the victim to comply” with the attacker’s request. The fake recruiter refers the victim to a “CV expert” who will supposedly improve the resume to meet the company’s standards for a fee of several hundred dollars.
Unit 42 outlines the following advice to help users avoid falling for these scams:
- “Verify the sender’s domain: Always check the suffix of the sender’s email address. Scammers often use look-alike domains (e.g., @paloaltonetworks-careers[.]com instead of @paloaltonetworks.com).
- Request an official platform: If a recruiter contacts you on LinkedIn, ask to continue the conversation via an official corporate email or the company’s internal applicant portal.
- Zero-payment policy: Treat any request for payment during the recruitment process as an immediate red flag. Legitimate employers invest in talent; they don’t charge them.
- Cross-reference the recruiter: Search for the individual on the official company website or LinkedIn. If their profile seems new, has very few connections, or lacks a history at the company, proceed with extreme caution.
- Avoid suspicious attachments: Never download or open files with names like ATS diagnostic reports or Resume templates from an unverified source, as these often contain malware designed to compromise your device.”
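The first item of that list, verifying the sender’s domain, is the one that can be turned into a repeatable check. Below is an added example that is not Unit 42’s or KnowBe4’s code: a small Python classifier that takes a sender address, strips defanging such as `[.]`, and reports whether the domain is the legitimate corporate domain (or a subdomain of it), a look-alike that embeds the brand name in some other registered domain (the `@paloaltonetworks-careers[.]com` pattern the article cites, plus digit-for-letter swaps), or simply unrelated. The legitimate domain is taken from the article; every sample address and the confusable-character table are constructed for illustration.

```python
"""Added example: classify a sender address against a company's real e-mail domain.

Not Unit 42's or KnowBe4's code. The legitimate domain comes from the article;
the confusable table and all sample addresses are constructed for this example.
"""

import re

# Assumption: the one legitimate domain this check trusts (cited in the article).
LEGIT_DOMAIN = "paloaltonetworks.com"

# Constructed, non-exhaustive table of digits scammers substitute for letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address.

    Accepts display-name forms ('Recruiter <name@domain>') and defanged
    indicators ('name@domain[.]com') so addresses copied from a report
    can be checked as-is.
    """
    addr = address.strip().replace("[.]", ".").lower()
    match = re.search(r"<([^>]+)>", addr)
    if match:
        addr = match.group(1)
    if addr.count("@") != 1:
        raise ValueError(f"not a single e-mail address: {address!r}")
    return addr.rsplit("@", 1)[1]


def fold(domain: str) -> str:
    """Collapse a domain to lowercase letters only: undo digit swaps, drop dots and hyphens.

    'paloaltonetworks-careers.com' -> 'paloaltonetworkscareerscom'
    'pal0altonetworks.com'         -> 'paloaltonetworkscom'
    """
    return re.sub(r"[^a-z]", "", domain.lower().translate(CONFUSABLES))


def classify_sender(address: str, legit_domain: str = LEGIT_DOMAIN) -> str:
    """Classify a sender address as 'legitimate', 'lookalike' or 'unrelated'.

    legitimate : exactly the legitimate domain, or a subdomain of it
    lookalike  : any other domain whose folded form still contains the brand
                 (hyphenated suffixes, digit swaps, brand used as a subdomain
                 of someone else's domain such as brand.com.example.net)
    unrelated  : the brand does not appear at all
    """
    domain = sender_domain(address)
    legit_domain = legit_domain.lower()
    if domain == legit_domain or domain.endswith("." + legit_domain):
        return "legitimate"
    # Brand token is the registrable label of the legitimate domain ('paloaltonetworks').
    brand = fold(legit_domain.split(".")[0])
    if brand and brand in fold(domain):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample senders; only the first two should pass.
    samples = [
        "recruiter@paloaltonetworks.com",
        "Talent Team <hr@careers.paloaltonetworks.com>",
        "recruiter@paloaltonetworks-careers[.]com",
        "hr@pal0altonetworks.com",
        "jobs@paloaltonetworks.com.example.net",
        "someone@gmail.com",
    ]
    for sample in samples:
        print(f"{classify_sender(sample):<10} {sample}")
```

The check only inspects the visible sender address, which is the same thing a recipient sees when following the article’s advice; it does not authenticate the message. A spoofed From header on a domain with weak or missing DMARC enforcement would still classify as “legitimate”, so this belongs alongside, not instead of, SPF/DKIM/DMARC evaluation at the mail gateway.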
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.
