Honeypot catches social engineering scams on social media

Research company investigates 40,000 fake accounts to find impersonator tactics.


Say you just got laid off from your job. Bills are piling up and the pressure to get a new job quickly is building. Your desperation has you taking chances you wouldn’t normally take, such as clicking on a link to a job offer — even if something about it doesn't quite look right.

Research firm ZeroFOX has found that unless a company has a verified recruiting account, it can be difficult for an applicant to tell a legitimate account from an impersonator. One way to spot an impersonator is that they commonly provide Gmail, Yahoo, and other free email provider addresses through which applicants can inquire about a job and send their resumes (more advanced scammers can spoof company email domains). Some also include links to official job sites and LinkedIn for follow-up. In most cases, the impersonator uses the company logo to portray themselves as an official recruiter for the company.

Once the impersonator receives an email, he or she will either try to extract personally identifiable information (PII) or demand payment for an application fee. Some companies are aware of recruitment scams and have a page on their site warning job seekers about scammers using unofficial company email addresses.
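The two preceding paragraphs list the tells the researchers describe: a reply address on a free webmail provider instead of the company's domain, a demand for an application fee, and an early request for PII. The following script is an added example that is not from the article or from ZeroFOX; it turns those tells into a simple triage score a security or HR team could run over recruiter messages before a job seeker replies. The provider list, the keyword patterns, the weights, and the sample messages are all assumptions constructed for this example. It also adds one check the article only hints at with "spoof company email domains": a domain that contains the company name but is not the company's domain is flagged as a lookalike.

```python
import re

# Free webmail providers the article says impersonators commonly use for replies.
# The concrete list is an assumption for this example; extend it from your own data.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "ymail.com", "outlook.com",
                    "hotmail.com", "aol.com"}

# Extracts the domain part of e-mail addresses found in free text.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Phrases that signal the two follow-up tactics the article describes (assumed patterns).
FEE_RE = re.compile(r"\b(application|processing|registration|training)\s+fee\b", re.IGNORECASE)
PII_RE = re.compile(r"\b(ssn|social security|passport|bank account|date of birth)\b", re.IGNORECASE)


def email_domains(text):
    """Return the set of lower-cased e-mail domains mentioned in the message."""
    return {m.group(1).lower() for m in EMAIL_RE.finditer(text)}


def assess_recruiter_message(message, company_domain, verified_account=False):
    """Score a recruiter message for impersonation indicators.

    Returns (score, reasons). Higher is riskier; 0 means nothing suspicious was found.
    The weights are arbitrary triage values chosen for this example.
    """
    if verified_account:
        # The article's first check: a verified recruiting account removes most doubt.
        return 0, ["verified recruiting account"]

    company = company_domain.lower()
    company_label = company.split(".")[0]
    score, reasons = 0, []

    for domain in sorted(email_domains(message)):
        if domain in FREEMAIL_DOMAINS:
            score += 3
            reasons.append(f"reply address on free webmail provider: {domain}")
        elif domain == company or domain.endswith("." + company):
            continue  # genuinely on the company's domain
        elif company_label in domain:
            score += 3
            reasons.append(f"lookalike domain imitating {company}: {domain}")
        else:
            score += 2
            reasons.append(f"reply address not on company domain: {domain}")

    if FEE_RE.search(message):
        score += 4
        reasons.append("demands an application fee")
    if PII_RE.search(message):
        score += 3
        reasons.append("asks for sensitive personal information up front")
    return score, reasons


# Constructed sample messages for the example (not from the article's dataset).
SAMPLES = [
    ("Hi! I recruit for Acme Corp. Email your resume to acme.hiring@gmail.com. "
     "A small application processing fee applies.", "acme.com", False),
    ("Thanks for applying. Reply to recruiting@acme.com with your availability.",
     "acme.com", False),
    ("We need your SSN and passport scan to proceed. Contact hr@acme-jobs.com.",
     "acme.com", False),
]

if __name__ == "__main__":
    for message, company, verified in SAMPLES:
        score, reasons = assess_recruiter_message(message, company, verified)
        print(f"score={score:2d} {reasons}")
```

The score is meant as a ranking aid for a reviewer, not a verdict: a legitimate recruiter who mentions a partner's address will pick up a couple of points, while a message that combines a free-mail reply address with a fee demand, the combination the article describes, lands well above anything benign.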

In investigating 40,000 fake accounts, ZeroFOX created honeypot accounts, engaged with the impersonators, and observed the social engineering attacks within a sandboxed environment. This allowed the research company to reveal the anatomy of the attacks, identify commonalities and differences among them, and more clearly understand the motives behind them.
