Steve Ragan reports:
Researchers at Proofpoint recently discovered a Phishing campaign that originated form select job postings on CareerBuilder.
Taking advantage of the notification system the job portal uses, the attacker uploaded malicious attachments instead of résumés, which in turn forced CareerBuilder to act as a delivery vehicle for Phishing emails.
The scam is both simple and complex. It’s simple because the attacker used a known job site to target a pool of willing email recipients, and complex because the malware that was delivered is deployed in stages.
Read more on CSO Online.