India’s No. 1 job site hit by phishing attack
Fake Naukri.com site tricks users into revealing their credit card details
Leading Indian job site Naukri.com was the target of a phishing attack designed to trick users into revealing sensitive information.
In late March, Symantec noticed a phishing website that "took advantage of the brand of a popular Indian job site". Though Symantec does not reveal which job site was targeted, the screenshot sample provided mimics the design of Naukri.com, touted as being 'India's No.1 job site'.
The phishing page, designed to look like the original, steals employers' login credentials which are then used to send targeted spam messages to employers asking them to pay an amount to upgrade or continue their access to particular recruitment solutions.
The link provided in the spam message asks for confidential information including credit card and PIN numbers.
The attackers, masquerading as employers, were also found to send spam to job seeking candidates informing them about fake opportunities in a bid to lure more unsuspecting victims.
Naukri.com features jobs from employers based around the world, including those in the United States, Europe and Middle East, with Info Edge branch offices in Bahrain, Dubai and Saudi Arabia.
"The increased number of candidates seeking jobs in India has led to the launch of phishing at-tacks on Indian job sites," Symantec writes, adding that the phishing website was created on servers located in the Netherlands.
Internet users should be wary of clicking on suspicious links in email messages and to check that URL links embedded belong to the brand's website.