This content is viewable by Everyone
Nov 2022: Recruitment Company Michael Page Impersonated in Job-Themed Lures
Threat Alert: What to Watch For
- Cybercriminals have launched a series of phishing attacks against individuals in the UK impersonating the recruitment company Michael Page. These attacks are designed to spread malicious software (malware) to unsuspecting recipients.
- The emails commonly use job-themed lures to convince targeted individuals to click links to view and download a job description.
- Clicking the link leads to a lookalike Michael Page landing page, which encourages individuals to download a job description. The page includes a countdown clock for how long the file will be available, which is a tactic used to increase pressure to act. It also features a CAPTCHA field, which is likely included to lend an air of credibility and security to the page.
Key Action: Report Suspicious Emails
- Report ANY suspicious emails using the Phish Alarm button in your email menu bar.
- Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above.
- If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part.
- If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it.
Tips to Remember (at Work and at Home)
- Go beyond surface clues. Familiar logos, branding, and names are not automatic indicators that an email or website is safe. Cybercriminals often imitate well-known organizations. Michael Page is just one of many organizations that have been impersonated in job-themed phishing attacks.
- Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or leads you to a file download. It can be tempting to click on a “call to action,” but if you want to check the validity of a job posting, it’s safest to go directly to a known, trusted website or application.
- Be wary of enticing offers. Attackers try to manipulate people’s emotions in various ways, such as with the promise of a desirable job or a “too good to be true” offer. Be especially cautious of offers that also rely on a sense of urgency, such as the countdown clock on the fake Michael Page website.
- Be wary of convoluted steps. Recruiters typically provide job-related details directly in the body of their message. Convoluted steps to learn about a job description, such as following a link to then download a file, should be treated as a warning sign.