Woohoo! I am being headhunted
A “recruiter” reached out to a senior executive on social media with a job offer. Interested, the executive gave the “recruiter” his office email address so that the job description could be sent to him. Embedded in the email attachment was spyware that gave the scammer access to the executive’s organization, resulting in the loss of proprietary information.
As users become more aware of phishing attacks, cybercriminals have once again had to evolve their tactics. The latest evolution is the two-stage attack: stage one is innocuous contact with the target to gain trust, and stage two is where the actual attack happens.
In the example above, because it was the executive who asked for the job description, no red flags were raised as the file was expected and the executive thought nothing of downloading it.
While a two-stage social engineering attack involves more work for the scammer, a patient attacker who creates a credible avatar on platforms like LinkedIn can literally attack thousands. Coupled with the avatar’s high credibility with the target, the probability of a successful phishing attack would be high.