
Haute couture or high crime? New job scam in META region

  • Cybercriminals posing as HR at high-end fashion brands are trying to get folks to download Ducktail malware.
  • The malware can compromise a range of online platforms, including stealing credentials for Facebook Business accounts.
  • The cybercriminals are targeting digital marketers and salespeople in the META region.

With jobs being a pressure point in many parts of the world, cybercriminals are taking advantage of those looking for work in the digital marketing and sales fields.

A series of scams has been uncovered by Kaspersky. The scammers are said to target LinkedIn users from the UAE, Turkey and Nigeria within the Middle East, Turkey and Africa (META) region.

Cybercriminals are reportedly trawling LinkedIn looking for victims. The attackers pose as human resource managers for high-end fashion brands, luring targets into downloading malware.

One victim spoke with Kaspersky and told the firm that the scammer appeared to be authentic, with a LinkedIn profile containing testimonies and pictures. However, as the target interacted with the cybercriminal, red flags appeared.

“As we continued our conversation, he repeatedly insisted that I download some files related to the job, and this is when I felt something was off. Since I did not comply, he deliberately started mentioning the salary package to convince me into downloading the files, and this was the second red flag,” the person told Kaspersky.

Upon further investigation, Kaspersky’s Global Research and Analysis Team (GReAT) discovered that the cybercriminals were using malware known as Ducktail. This malware is designed to steal user login credentials for Facebook Business accounts. Should a victim be employed at a business that uses this platform, it could be a disastrous end for both the employee and the employer.

“This is not the first time Ducktail malware has made a comeback. Enticing people with a dream job that includes a hefty remuneration is a classic example of a social engineering tactic commonly used by scammers. Scammers are capable of communicating from accounts that look like corporate addresses, but in reality are compromised or from free email services or phishing domains,” explains Amin Hasbini, head of GReAT in the META region.

“We understand it is very difficult to constantly be on alert, but it is necessary to remain cautious and take basic measures into consideration. For example, understand how the recruiter found you, research the employer, make sure you have a security solution installed, and most importantly, avoid clicking on links or downloading attachments from unknown or suspicious senders,” Hasbini adds.

Meta itself detailed its experience with Ducktail earlier this year. The social media firm said that it had seen Ducktail attacks being used to gain access to browsers and file-hosting platforms such as Dropbox and Mega.

Needless to say, one needs to be incredibly vigilant when looking for work online. Where possible we recommend you contact a company directly rather than conversing with a person on LinkedIn.

[Image – Mohamed Hassan from Pixabay]
