May 4, 2015 By Douglas Bonderud 2 min read

Phishing scams are now commonplace. Businesses of all sizes regularly educate their employees on the risk of opening unknown attachments, even if they seem legitimate. But what if these scams didn’t need a lure? What if the message and attachment were expected and from a trusted source? That’s the case with a new attack effort. CSO Online reported that a set of CareerBuilder phishing emails have emerged. Using the CareerBuilder website as a jumping-off point, malicious actors have found a way to convince even savvy IT users they should grab the line and jump in the malware-infested boat.

Phishing With Dynamite

These CareerBuilder phishing emails were unique. Instead of legitimate-looking emails from a questionable source, these emails are expected, trusted and seemingly innocuous. The attack centers around CareerBuilder’s resume upload feature, which lets prospective employees attach a document file containing their resume to specific job applications. These files are then forwarded to the owner of the job posting from CareerBuilder itself, which allows them to bypass most perimeter email defenses, since the site is often white-listed. Upon arrival, users have no hesitation in opening the email and its corresponding “resume.doc” or “CV.doc” attachment because they come from a trusted source.

Security firm Proofpoint found that the malicious files use a chain attack approach, starting with vulnerabilities such as CVE-2014-1761 or CVE-2012-0158 to place a binary on the target system, CSO Online reported. Proofpoint didn’t say if any of the attacks were successful but did note that they were small in number — fewer than 10 — and targeted positions related to engineering and finance. It’s likely that these first forays were simply test attacks to see if the process would work. On a large scale, think of it like phishing with dynamite: This kind of white-listed attack would grab all but the most elusive fish, and even savvy IT users could be easily fooled.

An Endless Supply

It’s a rare week that doesn’t feature a new phishing scam making headlines. Healthcare IT News recently reported that the protected health information and Social Security numbers of 39,000 people were accessed after users were targeted by a compromised email account. The problem at large is simple: Users are an unlimited resource, giving hackers ample opportunity to develop new and more legitimate-seeming attack vectors. The problem is big enough that Google has developed a warning system. According to The Verge, a new Chrome extension called “Password Alert” is designed to let users know if they’ve been hooked. It works like this: Chrome compares a hashed version of user passwords to anything they enter into a text field. If the browser detects that users have entered their password into a non-Google site, it warns them of the potential risk. This is an after-the-fact solution, but it may still give users time to reset their passwords before it’s too late.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today