It is a known fact that the Cyber attacker will use any means at their disposal in order to harvest your personal and confidential data. Phishing still remains a tried and very much true technique, as I have written about before with the BEC and Spear Phishing campaigns. But there is another way they can get to you: through job boards such as Indeed, CareerBuilder, Dice, SimplyHired, Glassdoor, and even LinkedIn.
They can either set up spoofed sites, or somehow still gather your personal data even after you have submitted your resume to the actual recruiting site. How they can do this, I am not exactly sure. I know that personally I have seen this a great number of times.
I have used all of the above-mentioned websites, and I still get phony emails and even phone calls from phony recruiters. How can I tell this? The e-mails are just like Phishing ones. They have misspelled names, typos, etc. With the phone calls, I always ask the recruiter on the other end to send me their contact info. If they don’t, then I know it’s a phony call as well.
Even the military recruiting websites are not immune to this. In fact, it was just announced that the Federal Trade Commission (FTC) took down a number of fake websites, which included the following domains:
Although these domains look extremely authentic, they in fact are not affiliated with the military by any means. The scary part about this is that these websites have been around literally for years, and it is not until now that the Federal Government has actually taken any form of action.
These sites asked potential recruits for their full name, email address, phone number, and education history. This was all done in exchange for more information on how to join the military.
These “leads” were then sold to various high schools, junior colleges, and even universities for almost $40 per name and corresponding information/data. This was done despite assuring the potential applicants that their data would be held in the strictest confidence.
The worst part about all this is that these websites have been around since 2010. Those individuals who submitted their information to these phony sites received phone calls from fake members of the military promoting certain schools as places where they could get recruited.
Also, “ . . . hundreds of thousands of illegal telemarketing calls to phone numbers on the National Do Not Call Registry” were placed as well. (SOURCE: https://www.pcmag.com/news/363602/ftc-seizes-army-com-other-phony-military-recruitment-sites).
The Cyber attacker(s), in a plea deal with the FTC, handed over control of these websites to them. No further information was given as to what other legal consequences they could potentially face.
My thoughts on this?
First and foremost, all of the United States military websites, even the recruiting ones, will end in the domain of “.mil”. For example, this would be like army.mil, navy.mil, etc. Never even consider visiting a recruiting website that does not end with this kind of extension.
Also, before filling out online applications or forms for military recruitment, it is absolutely imperative that you confirm the legitimacy of the person that is requesting your information. You can also conduct a Google search for any negative reviews or complaints about a particular recruiting website.
Probably the most astonishing part about this whole thing for me is that it took almost eight full years for Federal Government officials to come to this realization. This is way too long of a time period for these fake websites to be up and running, and in my view, there is no excuse for it whatsoever. Hopefully, the damage has been minimal to these applicants. I can only surmise on this, because no further information was given as to the extent of this breach.
As far as the other recruiting job sites go (as just described earlier), my advice is if you want to apply for a job, go for it. Just be careful of any phony e-mails and phone calls that you may receive. Also, another trend I have been noticing: I have also started to get calls where I say “Hello”, and nobody responds, and they hang up after about 30 seconds.
I think that these are phony recruiters trying to confirm the information that I have submitted online. In these instances, I just block that number on my iPhone.