Open Forum

A new phishing scam is targeting recruiters and HR departments. The group behind it, Venom Spider, sends fake job applications to trick people into downloading malware. These attackers aren't breaking in through complex hacks—they're just getting people to open the wrong file.

They write a convincing email that looks like it's from a real job seeker. It might include a short message and a resume attached as a PDF, Word document, or link to a file. Everything looks routine. But once the attachment or link is opened, malicious software quietly installs on the computer. That software can record keystrokes, steal files, or give someone remote access without you knowing.

What makes this different from typical spam is how targeted it is. These aren't mass emails blasted out to thousands of random people. Venom Spider picks specific companies and sends well-written, customized emails to hiring staff—the people most likely to open a resume from a stranger. They come prepared and scour the web for any opening at the targeted company. So, the job and skills likely match the exact opening.

They're also using tools that change based on who's being targeted. For example, the malware can name itself after the computer it lands on, which helps it hide from security tools. It's not groundbreaking technology, but it's clever, and it's working.

Takeaways:

• Be careful with email attachments, even if they look like normal resumes
• Attachment shouldn't have anything actionable. Any prompts to turn off security features or enable additional office components are a red flag
• Save the attachment locally before opening. That way, any malicious intent can be detected by the security technology installed on your computer
• Pay attention to sudden screen flashes or other odd behaviors, as they can be an indicator of background changes to your system

These scams work because they feel ordinary. But staying alert, even during routine tasks like hiring, can make a big difference.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------

Genady;

Thank you for such valuable information. 

------------------------------
Mary Enzi CAA
Tax Solutions – FIRPTA Consulting
[email protected]
+1 (281) 578-1040
Katy TX
------------------------------

Original Message:
Sent: 05-16-2025 09:00
From: Genady Vishnevetsky
Subject: Security BUZZ - When a Resume is a Cyber Trap

A new phishing scam is targeting recruiters and HR departments. The group behind it, Venom Spider, sends fake job applications to trick people into downloading malware. These attackers aren't breaking in through complex hacks-they're just getting people to open the wrong file.

They write a convincing email that looks like it's from a real job seeker. It might include a short message and a resume attached as a PDF, Word document, or link to a file. Everything looks routine. But once the attachment or link is opened, malicious software quietly installs on the computer. That software can record keystrokes, steal files, or give someone remote access without you knowing.

What makes this different from typical spam is how targeted it is. These aren't mass emails blasted out to thousands of random people. Venom Spider picks specific companies and sends well-written, customized emails to hiring staff-the people most likely to open a resume from a stranger. They come prepared and scour the web for any opening at the targeted company. So, the job and skills likely match the exact opening.

They're also using tools that change based on who's being targeted. For example, the malware can name itself after the computer it lands on, which helps it hide from security tools. It's not groundbreaking technology, but it's clever, and it's working.

Takeaways:

• Be careful with email attachments, even if they look like normal resumes
• Attachment shouldn't have anything actionable. Any prompts to turn off security features or enable additional office components are a red flag
• Save the attachment locally before opening. That way, any malicious intent can be detected by the security technology installed on your computer
• Pay attention to sudden screen flashes or other odd behaviors, as they can be an indicator of background changes to your system

These scams work because they feel ordinary. But staying alert, even during routine tasks like hiring, can make a big difference.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------

great feedback, as per your usual  Genady. thanks

------------------------------
Deb Grace
Executive Vice President Business Development
AccuTitle, LLC
Ship Bottom NJ
+1 (505) 999-0089
------------------------------

Original Message:
Sent: 05-16-2025 09:00
From: Genady Vishnevetsky
Subject: Security BUZZ - When a Resume is a Cyber Trap

A new phishing scam is targeting recruiters and HR departments. The group behind it, Venom Spider, sends fake job applications to trick people into downloading malware. These attackers aren't breaking in through complex hacks-they're just getting people to open the wrong file.

They write a convincing email that looks like it's from a real job seeker. It might include a short message and a resume attached as a PDF, Word document, or link to a file. Everything looks routine. But once the attachment or link is opened, malicious software quietly installs on the computer. That software can record keystrokes, steal files, or give someone remote access without you knowing.

What makes this different from typical spam is how targeted it is. These aren't mass emails blasted out to thousands of random people. Venom Spider picks specific companies and sends well-written, customized emails to hiring staff-the people most likely to open a resume from a stranger. They come prepared and scour the web for any opening at the targeted company. So, the job and skills likely match the exact opening.

They're also using tools that change based on who's being targeted. For example, the malware can name itself after the computer it lands on, which helps it hide from security tools. It's not groundbreaking technology, but it's clever, and it's working.

Takeaways:

• Be careful with email attachments, even if they look like normal resumes
• Attachment shouldn't have anything actionable. Any prompts to turn off security features or enable additional office components are a red flag
• Save the attachment locally before opening. That way, any malicious intent can be detected by the security technology installed on your computer
• Pay attention to sudden screen flashes or other odd behaviors, as they can be an indicator of background changes to your system

These scams work because they feel ordinary. But staying alert, even during routine tasks like hiring, can make a big difference.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------