0P3N Blog Blog Post

Beware of the Resume Scam

By: Stryker
August 21, 2017
I recently stumbled across a scam. There are fake employment agencies that are calling security techs and others for jobs while asking for your resume. In this scam, you send your resume to them and when they call back they claim now they need to have you sign a representation agreement and once you sign that they ask for your birth date. This is the trigger. *Alert!* *Alert!* Why are you asking me for my birth date? If this is done, they have your resume with full work history, full name and (often) address, phone number and now your birth date. With this information, your life could be ruined. Some companies are legitimate and perform the same process, except the only difference is that they do not ask for your birth date. So please, beware of these fake employment agencies trying to steal your PII.

You might be wondering how I know about this information. This is what I did.

I got very suspicious. I sent in a fake resume but I embedded a payload into the resume via Microsoft Office Word. When the intended recipient opened it, it gave me access to their PC. The PC had a web cam which I opened. I was astonished! Sure as hell, there were about 7 to 8 people in one small office with beat up computers and you could hear everyone talking at the same time. Oh, and yes they are all Middle Eastern that just so happen to be named John Smith or George Washington. LOL yeah right.

I was going to attach the payload I used, since it is fairly simple, but decided against it since I just wanted to inform you of the scam, not 'hack' your way into someone else's computer. If you need instructions, message me. Notice the AVbypass.vbs can go around McAfee and Norton, AVG and a few more depending on when they updated last.

Lastly, I wanted to say, be safe out there and never give out your information unless you are absolutely certain of the legitimacy of the person/company asking for it.
Sometimes companies will test you to see if you will easily give up information, and other times it's just a scam. These days, scammers go the extra mile to seem legitimate and sometimes are legit but still phish people and sell their information.
David Cantrell  AKA StrykerCantrell1980@gmail..com
