Update: CareerBuilder says the issue with infected emails has been resolved and is not an ongoing problem. In an email this morning (5/15), a spokeswoman said, “The attack has been addressed, affected customers were notified right away and no other incidents have occurred.”
If you are a CareerBuilder customer, be careful what resumes you open. It could be malware. Or worse.
For the last few weeks, attackers have been sending CareerBuilder customers malicious attachments disguised as resume documents in response to their online job postings. Because they appear to be trustworthy and come through the job site’s mail platform, unwitting recruiters open the document and even forward the emails to hiring managers and others, unleashing a bit of code that then automatically downloads the malware. Once that happens, the program can steal data or wreak other havoc.