{“lastseen”:”2025-11-14T18:05:07″,”description”:”One of our customers was contacted on LinkedIn about a job offer. The initial message was followed up by an email:\\n\\n\\n\\n\\u003e \u201cThank you for your interest in the Senior Construction Manager position at {company}. After reviewing your background, we were impressed with your experience and would like to invite you to the next stage of our selection process \u2014 a virtual interview.\\n\\u003e \\n\\u003e In this session, we\u2019ll discuss your project management experience, leadership approach, and how your expertise aligns with {company}\u2019s current and upcoming construction initiatives.\\n\\u003e \\n\\u003e A Zoom link will be shared in a follow-up email, which will allow you to select a time that\u2019s most convenient for you.\\n\\u003e \\n\\u003e If you have any questions in the meantime, please don\u2019t hesitate to reach out. I look forward to speaking with you soon.\\n\\u003e \\n\\u003e Warm regards,\u201d\\n\\nI edited out the company name and the name of the supposed recruiter, but when we Googled that alleged recruiter\u2019s name, he does work at the impersonated company (just not in HR). That’s not unique, though. We’ve heard several variants of very similar stories involving other companies and other names.\\n\\nOther red flags included the fact that the email came from a Gmail address (not a company domain), and that the company has no openings for a Senior Construction Manager.\\n\\nWhen our target replied they were looking forward to the interview, they received the \u201cMeeting invitation\u201d by email:\\n\\n\\n\\n\\u003e \u201cHi There,\\n\\u003e \\n\\u003e {recruiter} INVITED YOU TO A ZOOM REMOTE MEETING\\n\\u003e \\n\\u003e Please click the button below to view the invitation within 30 days. By acceptance, you’ll be able to message and call each other.\\n\\u003e \\n\\u003e View Invitation {button}\\n\\u003e \\n\\u003e To see the list of invited guests, click here.\\n\\u003e \\n\\u003e Thank you.\\n\\u003e \\n\\u003e Zoom\u201d\\n\\nBoth links in this email were shortened t[.]co links that redirected to meetingzs[.]com\/bt.\\n\\nThat site is currently unavailable, but users have reported seeing fake Windows update warnings, or notifications about having to install updates for their meeting application (Zoom, Teams\u2014name your favorite). Our logs show that we blocked meetingzs[.]com for phishing and hosting a file called `GoToResolveUnattendedUpdater.exe`.\\n\\n![Malwarebytes blocks meetingzs\\\\[.\\\\]com](https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/11\/meetingzscomblock.png)\\n\\nWhile this file is not malicious in itself, it can be abused by cybercriminals. It’s associated with LogMeIn Resolve, a remote support tool, which attackers can fake or misuse to execute ransomware payloads once installed.\\n\\nThis tactic is part of a broader trend where attackers pose as recruiters or trusted contacts, inviting targets to meetings and requiring them to install software updates to participate. Those updates, however, can be malware installers or Remote Monitoring and Management (RMM) tools which can give attackers direct access to your device.\\n\\nThis type of attack is a prime example of how social engineering is becoming the primary way to gain initial access to you or your company\u2019s system.\\n\\n## How to stay safe\\n\\nThe best way to stay safe is to be able to recognize attacks like these, but there are some other things you can do.\\n\\n * Always keep your operating system, software, and security tools updated regularly with the latest patches to close vulnerabilities.\\n * Use a real-time anti-malware solution with a web protection component.\\n * Be extremely cautious with unsolicited communications, especially those inviting you to meetings or requesting software installs or updates; verify the sender and context independently.\\n * Avoid clicking on links or downloading attachments from unknown or unexpected sources. Verify their authenticity first.\\n * Compare the URL in the browsers’ address bar to what you’re expecting.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-11-14T16:30:38″,”modified”:”2025-11-14T16:30:38″,”type”:”malwarebytes”,”title”:”Be careful responding to unexpected job interviews”,”source”:””,”references”:””,”id”:”MALWAREBYTES:C5C5BFD5323D2273288BEDB0D94D6374″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/11\/be-careful-responding-to-unexpected-job-interviews”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-14T18:05:07″,”description”:”One of our customers was contacted on LinkedIn about a job offer. The initial message was followed up by an email:\\n\\n\\n\\n\\u003e \u201cThank you for…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-26282","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n