Beware of the Resume Scam

Profile image for configx
August 21, 2017 | Views: 3399

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

I recently stumbled across a scam. There are fake employment agencies that are calling security techs and others for jobs while asking for your resume. In this scam, you send your resume to them and when they call back they claim now they need to have you sign a representation agreement and once you sign that they ask for your birth date. This is the trigger. *Alert!* *Alert!* Why are you asking me for my birth date? If this is done, they have your resume with full work history, full name and (often) address, phone number and now your birth date. With this information, your life could be ruined. Some companies are legitimate and perform the same process, except the only difference is that they do not ask for your birth date. So please, beware of these fake employment agencies trying to steal your PII.

You might be wondering how I know about this information. This is what I did.

I got very suspicious. I sent in a fake resume but I embedded a payload into the resume via Microsoft Office Word.

When the intended recipient opened it, it gave me access to their PC. The PC had a web cam which I opened. I was astonished! Sure as hell, there were about 7 to 8 people in one small office with beat up computers and you could hear everyone talking at the same time. Oh, and yes they are all Middle eastern that just so happen to be named John Smith or George Washington. LOL yeah right.

I was going to attach the payload I used, since it is fairly simple, but decided against it since I just wanted to inform you of the scam, not ‘hack’ your way into someone else’s computer. If you need instructions message me. Notice the AVbypass.vbs can go around McAfee and Norton, AVG and a few more depending on when they updated last.

Lastly, I wanted to say, be safe out there and never give out your information unless you are absolutely certain of the legitimacy of the person/company asking for it. Sometimes companies will test you to see if you will easily give up information, and other times it’s just a scam. These days, scammers go the extra mile to seem legitimate and sometimes are legit but still phish people and sell their information.


David Cantrell  AKA Stryker

Cantrell1980@gmail..com

Share and Earn Cybytes
FacebookTwitterGoogle+LinkedInEmail
Save
+1
5
7
Use Cybytes and
Tip the Author!
Join
Share and Earn
Cybytes
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
Be the Best at Whatever You Do.
We Have the Tools to Get You There.
Visit the NEW Marketplace of Over 500 Skill Enhancement Tools.
7 Comments
  1. How soon? 😛 I’m curious what you used to plant the malware.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

Cybrary|0P3N

A “Noob’s” Guide to Ransomware
Views: 515 / September 23, 2017
Dark Network Guide!
Views: 2165 / September 22, 2017
UNM4SK3D: SEC, APT33, and CCleaner
Views: 970 / September 22, 2017
Penetration Testing Flash Applications
Views: 1082 / September 22, 2017
d
Skip to toolbar
Cybrary works best if you switch to our Android-friendly app
Continue

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel