data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.
INTRODUCTION
an increased number of scams and attacks against job seekers globally, also affecting the community of job seekers in Nigeria, and we observed that LinkedIn Jobs is a perfect breeding ground for this attack vector. LinkedIn Jobs is an extension of the popular professional networking platform LinkedIn. It is used by organizations to discover suitable candidates for open job roles and by job seekers looking for new opportunities. According to LinkedIn, LinkedIn Jobs provides easy-to-use tools to help you find the right hire quickly. It enables organizations to reach and engage with a community of millions of job seekers who visit LinkedIn every week.
IMPACT
deploy malware to attack the organization
❖ Scamming job seekers through fake employment opportunities
❖ Directly attacking job seekers to deploy malware on their devices
where staff and executives are being impersonated. Although the attack patterns are fundamentally similar, the TTPs used by local actors are different and less sophisticated.
❖ Impersonate an organization or VIP
❖ Send emails and redirect to another actor in the same scheme
❖ Defraud victim by requesting payment
INDICATORS | OSINT TOOLS
Questionable interview location | Google Maps, Google Earth, cross-referencing the location with a possible previously reported scam
Domain typosquat | Whois, DNSInfo
Unofficial/non-private domain email | Epieos for emails including Yahoo and Gmail (https://epieos.com/), using Google dorking to cross-reference on the internet
Phone number | TrueCaller, WhatsApp, social media, Google dorking
Company or brand name | CAC Public Search, Whois, Yellow Pages, etc.
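A first-pass triage of a recruiter's e-mail address against the domain typosquat and unofficial e-mail indicators above, as an added example that is not part of the original presentation. The domains are constructed samples, and the free-mail list beyond Yahoo and Gmail and the edit-distance threshold of 2 are assumptions.

```python
# Assumption: providers treated as "unofficial" sender domains. The page
# names Yahoo and Gmail; the other two are added for illustration.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def triage_contact(email: str, official_domain: str) -> list[str]:
    """Return indicator flags for the address a job offer came from."""
    local, _, domain = email.strip().lower().rpartition("@")
    official = official_domain.lower()
    brand = official.split(".")[0]
    if not local or not domain:
        return ["malformed address"]
    # The organization's own domain or one of its subdomains: no flag.
    if domain == official or domain.endswith("." + official):
        return []
    if domain in FREE_MAIL:
        flags = ["unofficial free-mail domain"]
        if brand in local:
            flags.append("brand name in free-mail address")
        return flags
    # One or two character edits away from the official domain (assumed threshold).
    if edit_distance(domain, official) <= 2:
        return ["possible typosquat domain"]
    if brand in domain:
        return ["brand name embedded in lookalike domain"]
    return ["domain unrelated to organization"]

if __name__ == "__main__":
    # Constructed sample addresses; acme-corp.example is a placeholder.
    for addr in ("hr@acme-corp.example", "hr@acme-c0rp.example",
                 "acme-corp.hr@gmail.com", "hr@acme-corp-careers.example"):
        print(addr, triage_contact(addr, "acme-corp.example"))
```

A flagged address is a prompt for the Whois and cross-referencing checks listed in the table, not a verdict on its own.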
❖ Sensitize employees about the importance of not opening or downloading, onto company assets, documents and files that are not related to their work
❖ Sensitize job seekers about the legitimate means and process of application and communication used by the organization
❖ Update antivirus, antimalware, intrusion prevention system (IPS) and intrusion detection system (IDS) signatures