Criminals are now targeting recruitment websites to help with scams, according to Tony Osborn, technology manager at Symantec.

Recruitment company websites are being used by cybercriminals to implicate innocent jobseekers in illegal activity. Security software company Symantec has discovered that cybercriminals are recruiting ‘cybermules’ to handle stolen goods on their behalf through adverts place on recruiter websites.

These adverts are a variation on the classic ‘earn money working from home’ scam, and offer seemingly well-paid work receiving and shipping packages from an individual’s home address. They even direct jobseekers to legitimate-looking websites where they can apply online for the roles.

Once recruited, a cybermule will receive packages which they must unpack, re-pack and send on to another address, which is often that of another mule. The contents of these packages will either be goods that are stolen or obtained by deception (eg bought online with a cloned credit card), making it a criminal act to handle them. To add insult to injury, many cybermules are never paid a penny for their time spent helping cybercriminals to cover their tracks.

As gateways for eager jobseekers, recruiter websites are ideal targets for cybercriminals. Recruiters should therefore be vigilant about what third parties are posting or advertising on their websites.