This content is viewable by Everyone

Nov 2022: Recruitment Company Michael Page Impersonated in Job-Themed Lures

Threat Alert: What to Watch For

  • Cybercriminals have launched a series of phishing attacks against individuals in the UK impersonating the recruitment company Michael Page. These attacks are designed to spread malicious software (malware) to unsuspecting recipients.
  • The emails commonly use job-themed lures to convince targeted individuals to click links to view and download a job description.
  • Clicking the link leads to a lookalike Michael Page landing page, which encourages individuals to download a job description. The page includes a countdown clock for how long the file will be available, which is a tactic used to increase pressure to act. It also features a CAPTCHA field, which is likely included to lend an air of credibility and security to the page.

Key Action: Report Suspicious Emails

  • Report ANY suspicious emails using the Phish Alarm button in your email menu bar.
  • Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above.
  • If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part.
  • If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it.

Tips to Remember (at Work and at Home)

  • Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations. Michael Page is just one of many organizations that have been impersonated in job-themed phishing attacks.
  • Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or leads you to a file download. It can be tempting to click on a “call to action,” but if you want to check the validity of a job posting, it’s safest to go directly to a known, trusted website or application.
  • Be wary of enticing offers. Attackers try to manipulate people’s emotions in various ways, such as with the promise of a desirable job or a “too good to be true” offer. Be especially cautious of offers that also rely on a sense of urgency, such as the countdown clock on the fake Michael Page website.
  • Be wary of convoluted steps. Recruiters typically provide job-related details directly in the body of their message. Convoluted steps to learn about a job description, such as following a link to then download a file, should be treated as a warning sign.