- Fake Job Offers Used to Hack Tech Professionals
What You Need to Know
Cybercriminals—specifically the Lazarus Group, a North Korean-backed hacking operation—are targeting IT, software, and crypto professionals with recruitment scams. Disguised as legitimate job offers on platforms like LinkedIn, Upwork, Freelancer.com, and others, these scams aim to steal credentials, exfiltrate sensitive data, and access corporate networks.
Victims are lured in with dream jobs offering remote work and high pay. But once they engage, the scammers send malicious “take-home assignments” or code samples that infect systems with credential-stealing malware. Unlike typical scams, Lazarus is not after quick cash—they want to infiltrate companies and industries from the inside.
What You Should Do
To avoid falling into Lazarus Group’s trap, professionals should take the following precautions:
- Vet Job Offers Carefully: Double-check the job listing on the company’s official site and confirm that the recruiter’s email uses the company domain.
- Watch for Red Flags: Be wary of vague job roles, poor grammar, or recruiters pushing to move the conversation to private channels.
- Don’t Run Unverified Code: Never open or execute files from unknown sources unless you test them in a sandbox or virtual machine.
- Limit Information Sharing: Only provide essential details and never share credentials or access to work systems.
- Use Security Tools: Protect your devices with multi-layered cybersecurity, like iDefend, which can detect malicious scripts and phishing attempts before they do damage.
Think you are being scammed? Call our scam hotline or email us for help:
(801)-724-6211
scamwatch@invisus.com
