09.12.2025 - Cybercriminals leverage how application processes work to build trust and manipulate job seekers. Enticing employment opportunities on fake profiles seem attractive and authentic, lowering candidates' level of vigilance. The hope of a successful job offer can lead to job seekers acting rashly, which scammers exploit to their own advantage.
Week 49: The hidden risks of enticing employment opportunities - How job seekers fall into the malware trap
Platforms such as LinkedIn and Xing enable users to network with colleagues in the same field of work and connect with new contacts. They also allow users to subscribe to job vacancies through these portals. Yet where people are looking for the next rung on the career ladder, scammers see an opportunity to capitalise on ambition. In recent weeks, two cases have been reported to the NCSC in which attackers exploited job seekers' hopes of finding new employment as bait, attempting to install malware on their devices.
Upload error
In the first case, a software developer received a direct LinkedIn message, supposedly from a reputable recruitment agency. The communication style seemed professional and was hardly any different from a real application process. After a few straightforward questions, the candidate was asked to record and upload a short introductory video. However, a technical problem occurred when uploading the video. To solve this, the candidate was then asked to execute a specific command in the command line of their computer. The command code was hidden by the attackers (known as an 'obfuscated command ') so that the actual command was no longer recognisable and therefore did not arouse suspicion. The domain name used to deliver the actual malware also looked convincingly similar to that of a well-known technology company. After executing the command, the victim's system was completely compromised: files were no longer accessible, and data was even deleted from iCloud so that the victim could not access their backup.
Malware instead of an interview test
In the second case reported to the NCSC, the attackers also used LinkedIn as their point of entry. After brief, initial contact, an experienced IT specialist was invited to an interview to demonstrate his programming skills, something that is common in the IT industry. To complete the required coding test, the applicant first had to download a package containing programme code that was supposedly necessary to complete the task. What initially appeared to be a harmless test project turned out to be a sophisticated method of attack: the files provided contained hidden program code designed to steal confidential data from the victim's computer. In this case, however, the software developer noticed the anomalies in time and aborted the process, thereby preventing any compromise.
Social engineering in the application process
Technology plays a key role in fraud cases like these, but the real success factor is exploiting psychological tendencies. Scammers deliberately exploit the typical dynamics of a job application process to deceive their victims; enticing employment opportunities are their perfect gateway. The fact that a great deal of personal information is visible on platforms such as LinkedIn makes it easy for attackers to target skilled workers and offer seemingly tailor-made positions. The prospect of a promising career opportunity lowers victims' level of vigilance.
By cleverly imitating the websites of well-known companies, recruitment agencies and brands, scammers give the impression of holding what appears to be an authentic hiring conversation. They are often verified on platforms such as LinkedIn, which further increases the credibility of the job advertisement. Victims automatically fall into the familiar applicant-interviewer dynamic, giving scammers the perfect opening to exploit professional norms and manipulate the power imbalance.
During an interview, applicants want to make the best impression and present themselves as cooperative, which increases the likelihood that they will carry out unusual and questionable instructions without hesitation. At this point, an alleged technical error seems plausible, and a job candidate may feel reluctant to challenge it.
Recommendations
- If you notice any inconsistencies or are suspicious, check whether the company that supposedly advertised the position actually has vacancies. If necessary, follow up by calling the number listed on the company's website.
- Stop immediately if your virus scanner flags something or a browser warning appears.
- Check the data protection and privacy settings of your social media accounts and decide what personal information you want to share.
- Do not disclose your personal details too early to a recruiter. Account details for salary payments, for example, are only relevant after a job offer has been accepted and confirmed.
Current statistics
Last week's reports by category:
Last modification 09.12.2025
