• Home
  • News
  • Coins2Day 500
  • Tech
  • Finance
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia
CybersecurityJob seekers

Cybercriminals are stooping to a new low by targeting job seekers when the market is already bad: ‘Where’s the good sheep for the wolf to go attack?’

By
Brianna Monsanto
Brianna Monsanto and
IT Brew
IT Brew
Down Arrow Button Icon
By
Brianna Monsanto
Brianna Monsanto and
IT Brew
IT Brew
Down Arrow Button Icon
November 3, 2025, 3:48 PM ET
DNSFilter suggests job seekers double-check domain names and stay away from links with “excessive hyphens or strange extensions.”
DNSFilter suggests job seekers double-check domain names and stay away from links with “excessive hyphens or strange extensions.”Getty Images

New data from DNSFilter shows that cybercriminals are stooping to a new low: targeting job seekers.

The cybersecurity company found 8,724 malicious domains containing the word “jobs,” with the overwhelming majority (86%) newly registered or observed. Meanwhile, 1,161 malicious domains contained the word “careers.”

Prime targets.  Gregg Jones, an intelligence analyst lead at DNSFilter, told IT Brew that while it isn’t new for cybercriminals to target job seekers, the problem has been amplified by “current world conditions” that make those on the hunt for employment especially vulnerable to scams. While the US unemployment rate stood at 4.3% in August—the most recent published figure from the Bureau of Labor Statistics (BLS) due to the ongoing government shutdown—job hiring has continued to falter. According to the BLS, US employers added 22,000 jobs in August, a sharp decline from 142,000 in the same period last year.

“​​The economy is not so great…people are struggling to find jobs, some people are struggling to keep jobs, and it’s that constant ebb and flow of ‘where’s the good sheep for the wolf to go attack?’” Jones said.

It’s a tough market. Job seekers shouldn’t take the interest from cybercriminals personally, as malicious actors have placed targets on the backs of hiring managers, as well. In May, Arctic Wolf Labs released details about a spearphishing campaign hurled by threat group Venom Spider at hiring managers, with threat actors using résumés laced with malware when applying for jobs. Recruiters also have been grappling with the growing fake IT worker scheme, which has grown in sophistication thanks to deepfake technology.

How to dodge hiring scams. DNSFilter suggests job seekers double-check domain names and stay away from links with “excessive hyphens or strange extensions.” Jones added that if a job offer looks too good to be true, it probably is, and said individuals can always reach out to hiring managers to verify recruitment notifications: “No one should ever chastise you for being extra careful.”

This report was originally published by IT Brew.

About the Authors
By Brianna Monsanto
See full bioRight Arrow Button Icon
By IT Brew
See full bioRight Arrow Button Icon
Rankings
  • 100 Best Companies
  • Coins2Day 500
  • Global 500
  • Coins2Day 500 Europe
  • Most Powerful Women
  • Future 50
  • World’s Most Admired Companies
  • See All Rankings
Sections
  • Finance
  • Leadership
  • Success
  • Tech
  • Asia
  • Europe
  • Environment
  • Coins2Day Crypto
  • Health
  • Retail
  • Lifestyle
  • Politics
  • Newsletters
  • Magazine
  • Features
  • Commentary
  • Mpw
  • CEO Initiative
  • Conferences
  • Personal Finance
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Coins2Day Brand Studio
  • Coins2Day Analytics
  • Coins2Day Conferences
  • Business Development
About Us
  • About Us
  • Editorial Calendar
  • Press Center
  • Work At Coins2Day
  • Diversity And Inclusion
  • Terms And Conditions
  • Site Map

© 2025 Coins2Day Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Coins2Day Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.