A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT).
A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.
In the last two weeks I’ve been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there’s a link to follow.
If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.
Huh, that’s an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.
A lot of tech people are getting laid off and looking for jobs. This makes them susceptible to social engineering efforts like this.
In the last two weeks I’ve been getting multiple unsolicited text messages saying they have reviewed my resume and have a job that would be perfect. Of course, there’s a link to follow.
If I sent someone a message like that, if they DID click on it, that would be an automatic disqualification on grounds of infosec dumbassery.
Be careful out there.
Huh, that’s an interesting way to potentially vet candidates for a sec job: throw a phishing link into a recruiting email (convincing email, sketchy link). If their email matches an application, reject the candidate. Include info about an actual position in the email, and if they report it, give them an interview.