
DETECTING AND INVESTIGATING FAKE JOB LISTINGS USING OSINT

Olakanmi Oluwole

April 27, 2023


Transcript

  1. Our mission: To monitor and alert users of immediate risk. Using a tactical approach, research, analyze and monitor the technical developments of various cyber trends and threat-actors in the following fields:
  2. How we are doing it: We gather massive amounts of data using various sources such as publicly available web references, social media channels and the deep dark web using a wide range of honey-pot techniques.
  3. OUTLINE
     1. Introduction
     2. Impact
     3. Techniques used in the wild and locally
     4. Indicators and Investigations
     5. Mitigation
  4. INTRODUCTION
     In the past couple of months, CyberLAB Africa has observed an increased number of scams and attacks against job seekers globally, also affecting the community of job seekers in Nigeria, and we observed that LinkedIn Jobs is a perfect breeding ground for this attack vector.
     LinkedIn Jobs is an extension of the popular professional networking platform LinkedIn. It is used by organizations to discover suitable candidates for open job roles and by job seekers looking for new opportunities. According to LinkedIn, LinkedIn Jobs provides easy-to-use tools to help you find the right hire quickly. It enables organizations to reach and engage with a community of millions of job seekers who visit LinkedIn every week.
  5. IMPACT
     ❖ Organizations, whose employees are used as a proxy to deploy malware against the organization
     ❖ Scamming job seekers through fake employment opportunities
     ❖ Directly attacking job seekers to deploy malware on their devices
  6. TECHNIQUE
     ❖ Purchase of a typosquat domain used for sending out malicious emails and documents
  7. TECHNIQUE – Local Scene
     Locally, we've seen similar attack patterns where staff and executives are being impersonated. Although the attack patterns are fundamentally similar, the TTPs used by local actors are different and less sophisticated.
     ❖ Impersonate an organization or VIP
     ❖ Send emails and redirect to another actor in the same scheme
     ❖ Defraud the victim by requesting payment
  8. INDICATORS & INVESTIGATION
     Locally, we've seen similar attack patterns where staff and executives are being impersonated. Although the attack patterns are fundamentally similar, the TTPs used by local actors are different and less sophisticated.
     INDICATORS and the OSINT TOOLS used to investigate them:
     ❖ Questionable interview location: Google Maps, Google Earth, cross-referencing the location with a possible previously reported scam
     ❖ Domain typosquat: Whois, DNSInfo
     ❖ Unofficial/non-private domain email: Epieos for emails including Yahoo and Gmail (https://epieos.com/), using Google dorking to cross-reference on the internet
     ❖ Phone number: TrueCaller, WhatsApp, social media, Google dorking
     ❖ Company or brand name: CAC Public Search, Whois, Yellow Pages, etc.
  9. MITIGATION
     ❖ Enforce Information Security Management System (ISMS) policies
     ❖ Sensitize employees about the importance of not opening or downloading documents and files unrelated to their work onto company assets
     ❖ Sensitize job seekers about the legitimate means and process of application and communication used by the organization
     ❖ Update antivirus, antimalware, intrusion prevention system (IPS) and intrusion detection system (IDS) signatures
  10. CONCLUSION
      This type of attack vector is becoming popular amongst threat actors looking to compromise organizations and is also used in spear attacks globally.
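
The "Domain typosquat" and "Unofficial/non-private domain email" indicators from slide 8 can be triaged automatically before the manual Whois or Epieos lookups. The following is an added example, not part of the original deck; the function names, the partial free-mail list, the distance threshold and the `examplecorp.example` domains are assumptions constructed for illustration.

```python
# Added example: triage a recruiter's sender address against the employer's official domains.
# All names, the threshold and the sample domains are assumptions, not from the deck.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # partial, constructed list

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition ("exmaple" vs "example") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().rpartition("@")
    if not (local and sep and domain):
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")

def classify_sender(address: str, official_domains, max_distance: int = 2) -> str:
    """Label a sender as 'official', 'free-mail', 'lookalike' or 'unrelated'."""
    domain = sender_domain(address)
    official = {d.lower() for d in official_domains}
    # Exact match or a subdomain of an official domain.
    if domain in official or any(domain.endswith("." + d) for d in official):
        return "official"
    # Indicator: unofficial/non-private domain email.
    if domain in FREE_MAIL:
        return "free-mail"
    for d in official:
        # Indicator: typosquat, either a near-miss spelling or the brand label
        # embedded in a different domain (short brand labels will over-match).
        if edit_distance(domain, d) <= max_distance or d.split(".")[0] in domain:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for addr in ("hr@examplecorp.example", "examplecorp.hr@gmail.com",
                 "jobs@examp1ecorp.example", "jobs@examplecorp-careers.example"):
        print(addr, "->", classify_sender(addr, ["examplecorp.example"]))
```

Anything labelled `free-mail` or `lookalike` is a candidate for the manual checks listed on the indicators slide; the label alone is not proof of fraud.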