Protecting Yourself from Phishing Attacks: Beware of Fake Job Applications on Indeed

Oct 8, 2023 06:52 AM
job postings
notion image


Breathe in, connect to the cyber realm, and let's explore the topic of phishing attacks. One particular threat that has been on the rise is the deceptive practice of phishing, where attackers cunningly deceive unsuspecting victims into divulging sensitive information. Researchers at Menlo Security have recently uncovered a new phishing technique that targets executives by leveraging fake job applications on the widely used employment platform, Indeed. We will delve into the details of this attack and provide valuable tips on how non-technical users can safeguard themselves from falling victim to such malicious schemes.

The Danger of Fake Job Applications

The phishing attack on Indeed starts with executives receiving an email that appears to come from someone they trust. The email references a job application or resume on Indeed, grabbing the attention of the recipient. However, if the victim clicks on the link provided in the email, instead of being directed to Indeed, they are redirected to a counterfeit Microsoft login page.

Exploiting Vulnerabilities and Stealing Information

Once the victim enters their login credentials on the fake Microsoft login page, the attacker steals their session cookie. This stolen cookie allows the attacker to bypass multifactor authentication and gain access to a legitimate Microsoft login page. From there, the attacker can potentially gain access to the organization's IT resources, putting sensitive data and systems at risk.
A session cookie is a small piece of information stored on your device that allows a website or application to recognize and remember you during your current browsing session.

Protecting Yourself from Phishing Attacks

To safeguard yourself against phishing attacks, especially those targeting job applications on platforms like Indeed, follow these precautions:
  1. Be Skeptical of Emails: Exercise caution when receiving emails with links, especially if they are unexpected or seem suspicious. Take the time to verify the sender's identity before clicking on any links or providing personal information.
  1. Check URLs Carefully: Before entering any login credentials on a website, double-check the URL to ensure it is legitimate. Phishing websites often use URLs that closely resemble the real ones, so be attentive to any subtle differences.
  1. Enable Multifactor Authentication (MFA): Whenever possible, enable MFA on your accounts. This adds an extra layer of security by requiring an additional verification step, such as a unique code sent to your phone, when logging in. If you aren’t sure how, you can follow our guide in the resource page of Phended.
  1. Stay Informed and Educated: Regularly educate yourself about the latest phishing techniques and stay up to date with security best practices. Organizations should also provide cybersecurity training to their employees to help them recognize and respond to phishing attempts.


Phishing attacks continue to pose a significant threat to individuals and organizations alike. The recent phishing attack on Indeed, targeting executives through fake job applications, serves as a stark reminder of the need for constant vigilance. By being skeptical of emails, carefully checking URLs, enabling multifactor authentication, and staying informed, non-technical users can significantly reduce their risk of falling victim to these attacks. Remember, your online safety is in your hands, so stay cautious and stay safe!