Scam: beware of this new email scam that could rob you!

Web scams are on the rise. Hackers have started another campaign of data recovery. This happened at Pôle Emploi. On September 2, the company specializing in cybercrime, Vade, spoke about questionable practice. Documents sent to the Pôle Emploi application space reveal a phishing network since August. Zoom in on the situation.

An almost imperceptible plot

This time the hackers used a more detailed method to reach their end. They are now using the Pôle emploi platform for their scam.

They don’t exist do not attack small fish such as an indifferent employee. Instead, they go after the recruiters. For this, the criminal creates a banal job search profile. He saw an offer and contacted the employer who would be his next victim.

To apply to Pôle Emploi, you obviously need the applicant’s CV and a cover letter. Enough of that rejoice the evildoers. Sending attachments is a godsend for getting into a computer system.

The method of offering the service requires that the Pôle emploi send a message to the recruiterr, following this offer. According to Vade, the first message was from the Pôle emploi site and there was no danger.

But, hackers take this opportunity to send another message to the recruiter. He said many candidates applied. It encourages the professional to connect to the authentication page, from an additional link. Of course, this is all just a trap.

The message in question is:

“Hello. After your offer is now published on the pole-employment site, we offer you several profiles that match your search. So be sure to access the CV link when attached which will allow you to view these profiles…”.

Source: Pexels

you see a spelling mistake of “attached”.

When the victim clicked on the link at the mall, the parade can begin. This actually brings up a Google Docs. The victim believed link to the Pôle emploi website. But he actually gave his credentials, directly to the scammers.

To perfect the fraud, the hackers even send an authentication code to the boss. With these methods, recruiters do not suspect for a second that they have recently become victims of phishing. And yet…

More than 4,000 emails sent since August

Vade admits that 4,000 malicious emails sent as part of this scam, since August 2. They added that the day of September 1, alone, had 200 messages of the same genre. To this day, it is still difficult to identify all victims who are bosses in this practice.

The company that specializes in cybercrime, for example, has found leads a technician position targeted by hackers. However, scammers welcome various recruitment profiles with open arms. They seize all attackable offers.

Why is it so much effort? get credentials ? Vade’s cybercrime expert, Antoine Morel, provides the answer:

“The criminal first recovered an email address and password. He can access the company’s Pôle emploi account and search for important data, either on the company itself or on candidates who have sent a CV. These files contain a lot of personal information, so it is easier to target the victim, trick them or blackmail them if we know their past, their interests, etc. »

But that’s not all. Thanks to these identifiers, “hackers can also turn against the company with these identifiers in hand, and prepare wisely and attack in several stages”, emphasized the expert.

Source: Pexels

How to protect yourself against these Pôle emploi scams?

Numerama contacted Pôle emploi, about this scam on their audience. The body admits that the practice is not foreign to them. The latter will now be the subject of “close monitoring to identify and block this type of attempt”.

For some time now, the Pôle emploi has developed a system to detect and neutralizing false applicationss. Communication with targeted recruiters is also put in place, but not only. “An awareness action” is performed for all users of the site. advice sheets even issued with the participation of Cybermalveillance.gouv.fr.

However, this scam campaign continues. Faced with this, Numerama advises “just enter your identifiers from the official site. Instead of clicking on the link embedded in an email, type the site address directly in the search bar. This applies to all phishing emails. »

Leave a Reply

Your email address will not be published. Required fields are marked *