Phishing Attack on Naukri Portal Leaves Tech Company Vulnerable and 100s of Duped Candidates

Cyberspace crime is a serious fallout of the digitization of our world. Hacking and stealing of data for nefarious purposes have become a bane for individuals and organizations both.

Almost all major sectors, including banking, finance and commercial facilities, postal services, transportation, e-retail platforms, etc. have fallen victim to this crime. It is done in the form of phishing and social engineering, malware, spear-phishing, ransomware, hacking, software piracy, pornography, cybersquatting, etc.

The latest victim of this crime is Ahmedabad-Based Azine Tech, an ISO-certified information technology company. Its official recruitment account on the India-based popular job site portal Naukri.com was hacked into recently. Worryingly, repeated requests to the portal to help solve the issue and put in more stringent authentication measures to prevent further attacks were entirely ignored by the company.

Azine got wind of something not right with their job posting account on the site when the HR department noticed that their average access to applications for job postings had drastically come down from a few thousand to just a few hundred about a month ago.

Secondly, they started receiving emails from candidates enquiring about the progress of their applications for jobs related to a hospital in Dubai. An investigation into the portal account revealed a mass email using the Azine Tech HR executive’s name was sent out on behalf of Dubai-based Al Garhoud Hospital.

Azine reached out to Naukri for info such as IP address, etc. The account was used from Nigeria, where they have no associates. All their recruitment is done from Ahmedabad only. 

Meanwhile, the HR executive of Azine also started receiving threatening emails from candidates who were awaiting a response for the hospital job ad. 

A request to Naukri to follow-up on the issue and rescind the email or shoot another one notifying candidates about the phishing scam was summarily dismissed.

What is worse is that despite being aware of the scam, nothing was done by Naukri to stop further misuse of the account. On March 16, another mass email was sent using the Azine account to prospective candidates. This time the phishing IP address was from Nigeria and Netherlands.

A request to switch the Naukri account access to a new email was ignored by the job site company when the first breach occurred, leaving the company vulnerable to further attacks, which did happen.

Azine Tech is worried about the fallout on the company’s brand. Additionally, some of the candidates, it seems have been asked to deposit money in return for a surety of a job.

Naukri says it hosts around 3.7 crore resumes on its website.

A data breach of the Naukri site occurred in April 2020. It then released a statement saying that they had upped their security infrastructure, operational control and vigilance in the wake of the rise in the recent attacks on websites across the world. But it seems not enough was done to prevent such future attacks.

As we choose to stay connected, we are moving towards greater assimilation of data sets, which opens the entire ecosystem to larger threats from social deviants. It is on the individuals and the corporates to preserve the confidentiality and integrity of data while ensuring that access to the very data is not compromised on any front.

The post Phishing Attack on Naukri Portal Leaves Tech Company Vulnerable and 100s of Duped Candidates appeared first on The HR Digest.

Source: New feed