Latest Phishing Campaign Steals Jobs Portal User Credentials

• A new phishing campaign out there focuses on stealing user credentials from the "Indeed" employment website.
• Cybercriminals have succeeded in tricking many people through fake emails that persuade users to give away account credentials.
• This happens through a fake header that makes the email seem legit at first glance.

An ongoing phishing campaign targeting users of the employment website called Indeed was discovered by the Bitdefender Antispam Lab. The researchers' report says that 48% of the fraudulent emails have reached users in the US, 28% in Ireland, 5% in Finland, 3% in France and India, and 2% in Germany.

The cybercriminals send spoofed emails with a forged email header that reads "employers-noreply@indeed.com," so it seems to be legit communication coming from the job-listing portal. They ask the recipients to confirm their Indeed user email address by downloading the attachment and logging into their account after that.

The attachment, which is named “Indeed_Update.html,” opens a fake web page with a login form that has their email address already filled in, so the victim only needs to type in their password.

As expected, Indeed users who find this email in their inbox need to keep away from it, so do not open it - and definitely do not enter your password. The researchers advise recipients to delete the email and access the official Indeed website from a browser - or, if it's already too late for that, to just reset their password as soon as possible on the employment website and anywhere else they are using the same credentials.

However, this job portal happens to send a verification email to users during the sign-up process, but it only asks new users to confirm their email address by clicking on a link. So, that should be the only time when this email is legit, but it's always wise to check for fraud signs before engaging with any received email.