Beware of the Resume Scam

August 21, 2017 | Views: 6943

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

I recently stumbled across a scam. There are fake employment agencies that are calling security techs and others for jobs while asking for your resume. In this scam, you send your resume to them and when they call back they claim now they need to have you sign a representation agreement and once you sign that they ask for your birth date. This is the trigger. *Alert!* *Alert!* Why are you asking me for my birth date? If this is done, they have your resume with full work history, full name and (often) address, phone number and now your birth date. With this information, your life could be ruined. Some companies are legitimate and perform the same process, except the only difference is that they do not ask for your birth date. So please, beware of these fake employment agencies trying to steal your PII.

You might be wondering how I know about this information. This is what I did.

I got very suspicious. I sent in a fake resume but I embedded a payload into the resume via Microsoft Office Word.

When the intended recipient opened it, it gave me access to their PC. The PC had a web cam which I opened. I was astonished! Sure as hell, there were about 7 to 8 people in one small office with beat up computers and you could hear everyone talking at the same time. Oh, and yes they are all Middle eastern that just so happen to be named John Smith or George Washington. LOL yeah right.

I was going to attach the payload I used, since it is fairly simple, but decided against it since I just wanted to inform you of the scam, not ‘hack’ your way into someone else’s computer. If you need instructions message me. Notice the AVbypass.vbs can go around McAfee and Norton, AVG and a few more depending on when they updated last.

Lastly, I wanted to say, be safe out there and never give out your information unless you are absolutely certain of the legitimacy of the person/company asking for it. Sometimes companies will test you to see if you will easily give up information, and other times it’s just a scam. These days, scammers go the extra mile to seem legitimate and sometimes are legit but still phish people and sell their information.

David Cantrell  AKA Stryker

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. One time, I submitted my resume to a manpower agency, a small-time recruitment company. I suspect they re-used my resume and distribute them to a Loaning Company because somebody called my phone and asking me if I want to loan. I ask her where did she you got my information. She said my information is in a safe place. She’s evading my question and just creepy too.

  2. How soon? 😛 I’m curious what you used to plant the malware.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?