PHISHERS have been posing as Palo Alto Networks' recruiters in a months‑long job scam, targeting senior professionals with highly personalised phishing messages. Palo Alto Networks' Unit 42 researchers have been tracking the campaigns for the past seven months, according to a threat report published this week, noting that data scraped from LinkedIn helps create convincing lures.
The attacks use flattering language and details from victims' LinkedIn profiles, with the end goal of pushing candidates to pay a fee to have their CV reformatted or optimised, typically between $400 and $800, in a bid to restart a fraudulent recruitment process. The scheme begins with emails that appear to come from Palo Alto Networks' representatives, and proceeds through a staged process that fabricates urgency and introduces an external “expert” charge for CV work.
The article also notes that such recruitment scams are part of a broader pattern, with North Korean threat actors such as Lazarus cited as notorious for similar job‑recruitment campaigns. If targeted, victims are advised to cease communication, report the incident to infosec teams, and secure accounts with new passwords and MFA.