A savvy phishing campaign is targeting those looking for opportunities with Atlantic Media, publisher of The Atlantic Monthly. The group has issued warning about a phishing scam imitating editors and senior leadership, sending fraudulent job offers to freelancers and individuals seeking employment.
The scam aimed to collect sensitive data such as social security numbers, addresses and bank account info from the targets, according to the memo.
“Across the last few months…the impostors have created numerous misleading email accounts, including Gmail addresses in the names of editors, Gmail addresses that include the Atlantic’s name (e.g., recruitment.atlanticmagazine@gmail.com), and addresses employing fake domains (e.g., @atlanticmediagroup.net),” the company said. “The aim of the scam is to obtain personal information.”
The perpetrators have gone so far as to conduct job interviews by phone and Gchat; to require signature on employment agreements, direct deposit and tax forms; and to mail fake checks to individuals (in the hope that these “advances” would be cashed, thereby providing the perpetrators with bank account information and/or credit card information).
The Atlantic said that to date, it has been contacted by more than 50 would-be victims, and the names of at least six of its top editorial leaders have been used.
“One thing has always been the same in phishing attacks: social engineering, i.e., luring people into clicking on a link and/or providing information so it can be captured and sent off to a drop zone,” said Mike Wyatt, director of Product Operations at RiskIQ, via email. However, this approach is different.
“Most spear phishing campaigns try to fool employees into giving up sensitive information with fake emails purporting to be from someone specific within the organization by spoofing their email address and mimicking the language, behaviors, and processes used in the day-to-day operations of the company,” he said. “In this case, threat actors pretended to be editors from The Atlantic reaching out to potential freelancers, which is more difficult to combat as the potential employees are outside of The Atlantic’s network. There’s not much The Atlantic can do regarding blocking—all they can do is report the abuse to the email service and warn potential victims that this is happening.”
The magazine has set up an email box, FraudAlert@AtlanticMedia.com, which will route any relevant information to the IT department. Likewise, it’s also asking would-be victims to route any inquiries from potential victims asking to confirm the veracity of an email purporting to have come from The Atlantic to the same mailbox. IT will connect with any would-be victims to advise them of the scam and to refer them to law enforcement.
“Unfortunately, there’s no way to be alerted if someone creates a fake email account in your name, but The Atlantic did the right thing in making it as easy as possible to report instances of the attack and abuse of its brand within email services,” Wyatt said. “People must be alerted to the dangers of phishing, and make sure they are verifying the authenticity of every single email asking for sensitive information—that means researching the purported company online and checking for suspicious originating email addresses. For example, well established companies almost always have a solid web presence and would not conduct business using free email services. You can always pull up information about the originating domain in RiskIQ Community to gain a better sense of its legitimacy. Another good step to validate that the request was, indeed, authentic is to reach out to the company using a different form of communication, such as making a direct phone call to their office.”