How to identify a fraudulent CV in Teamio

Hana Kostovičová • 12. 4. 2023

Beware! We have encountered attackers attempting to deliver a message with an infected file through replies to an advertisement.

A computer virus and a blocked mailbox in the wrong hands? That’s a terrifying nightmare nowadays. What are we doing to keep you safe? And what can you do?

Attackers are becoming more resourceful and are trying to use job application forms to spread viruses. So it is possible to encounter them through Teamio.

What should you know?

1) First name, surname and e-mail hints

One of the first things you see in a new advertisement response is the candidate’s first and last names. Definitely take a look at your e-mails. Now the most important question – does it all make sense?

  • Beware of foreign names in positions where they are not expected.
  • Pay attention to names that are too neutral.
  • The e-mail address bfx3@xu.milo.xu certainly doesn’t sound credible.

2) Pay attention to the language

The wrong form of address, typos, text that obviously seems badly translated. All of these should act as warnings.

3) All attachments are checked with antivirus

Every attachment that flows to you via Teamio is checked by an antivirus. And if it’s not sure, you’ll get information about a blocked attachment. You can then ask the candidate to send an attachment in a different, more common format.

4) Beware of links (in e-mails and PDFs)

There are places that even antivirus can’t reach. For example, any link – either in a message or in a PDF of an attached CV – is technically impossible to check.

So before you click on a link, check to see where it actually leads – first hover over the link. You should then be shown where it leads. If you start downloading a file after clicking, be careful (especially watch out for .exe attachments, see the sixth point below).

5) Check the page URL

If a link takes you to a site that requires you to provide any information (such as login), make sure you double-check the address. It may even appear similar to a trusted address, sometimes differing only in small details.

A lock on a web address in your browser indicates secure addresses, but even that is not a reliable guide. Just keep an eye out for links and go back to the site as usual.

6) Never ever open .exe files!

If someone sends you a file with an .exe attachment, it doesn’t bode well. Just delete it and thank your lucky stars.

7) Phone call as reliable verification

Any unusual request should be verified by a second means of communication. For example, if you receive an e-mail from a colleague to send them a forgotten password or money to your account, we recommend picking up the phone and verifying that they actually sent it. Better safe than sorry.

What if you’ve clicked where you shouldn’t have?

Any and all of the advice here is expensive. Immediately contact your IT department, which secures your computers and internal systems.

If you have no-one to contact, your best bet is to disconnect your computer from the Internet and try to prevent misuse of your accounts (for example, if you entered your banking password on a fraudulent site, call your bank immediately, etc.).

Finally, perhaps all that remains is to wish you never have to use the advice in this article.