May 4, 2015 By Douglas Bonderud 2 min read

Phishing scams are now commonplace. Businesses of all sizes regularly educate their employees on the risk of opening unknown attachments, even if they seem legitimate. But what if these scams didn’t need a lure? What if the message and attachment were expected and from a trusted source? That’s the case with a new attack effort. CSO Online reported that a set of CareerBuilder phishing emails have emerged. Using the CareerBuilder website as a jumping-off point, malicious actors have found a way to convince even savvy IT users they should grab the line and jump in the malware-infested boat.

Phishing With Dynamite

These CareerBuilder phishing emails were unique. Instead of legitimate-looking emails from a questionable source, these emails are expected, trusted and seemingly innocuous. The attack centers around CareerBuilder’s resume upload feature, which lets prospective employees attach a document file containing their resume to specific job applications. These files are then forwarded to the owner of the job posting from CareerBuilder itself, which allows them to bypass most perimeter email defenses, since the site is often white-listed. Upon arrival, users have no hesitation in opening the email and its corresponding “resume.doc” or “CV.doc” attachment because they come from a trusted source.

Security firm Proofpoint found that the malicious files use a chain attack approach, starting with vulnerabilities such as CVE-2014-1761 or CVE-2012-0158 to place a binary on the target system, CSO Online reported. Proofpoint didn’t say if any of the attacks were successful but did note that they were small in number — fewer than 10 — and targeted positions related to engineering and finance. It’s likely that these first forays were simply test attacks to see if the process would work. On a large scale, think of it like phishing with dynamite: This kind of white-listed attack would grab all but the most elusive fish, and even savvy IT users could be easily fooled.

An Endless Supply

It’s a rare week that doesn’t feature a new phishing scam making headlines. Healthcare IT News recently reported that the protected health information and Social Security numbers of 39,000 people were accessed after users were targeted by a compromised email account. The problem at large is simple: Users are an unlimited resource, giving hackers ample opportunity to develop new and more legitimate-seeming attack vectors. The problem is big enough that Google has developed a warning system. According to The Verge, a new Chrome extension called “Password Alert” is designed to let users know if they’ve been hooked. It works like this: Chrome compares a hashed version of user passwords to anything they enter into a text field. If the browser detects that users have entered their password into a non-Google site, it warns them of the potential risk. This is an after-the-fact solution, but it may still give users time to reset their passwords before it’s too late.

More from

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today