Cyber Crooks Hunt for Indeed Job Seekers’ Account Credentials in Latest Phishing Campaign

The Bitdefender Antispam Lab has detected an ongoing phishing campaign targeting users of employment website Indeed.

According to our researchers, 48% of the fraudulent emails have reached users in the US, 28% in Ireland, 5% in Finland, 3% in France and India and 2% in Germany.

The cyber crooks use spoofing to trick users into thinking the message was sent from the employment platform, forging the email header to display ’[email protected]’.

The email asks recipients to confirm their email address by downloading “the attached account update file” and logging into their account.

Accessing the HTML attachment named “Indeed_Update.html” will open a fraudulent login page with the recipients’ email address already filled in.

Indeed users who receive this email should not open the attachment or enter their password into the login page. Instead, delete the email and head to the official company website from your browser. Recipients who unwittingly entered their account password should immediately reset their password on and other online platforms that share the same login credentials.

As a reminder, employment-oriented services will not contact you via email and ask for personally identifiable information or financial information such as bank account numbers.

A vast number of online platforms deploy email verification processes. However, according to Indeed, users who sign up on the platform will receive a confirmation email during the setup process. The message asks recipients to confirm their email address by clicking on a link.

If you’re tired of wondering whether the correspondence in your Inbox is genuine, check out our 90-day Bitdefender Total Security trial that offers complete real-time data protection and anti-phishing filtering systems that sniff out and block websites masquerading as trustworthy entities.

Note: This article is based on technical information provided courtesy of Bitdefender Antispam Lab