Cyberattackers Are Using Fake LinkedIn Resumes—What SMBs Need to Know
Imagine this: your HR team discovers a promising candidate on LinkedIn. Their resume—hosted on Amazon Web Services—looks credible. But when your recruiter clicks to download, a silent cyberattack is launched. This threat isn’t hypothetical. It’s happening right now as sophisticated hacking groups like FIN6 exploit SMBs by delivering malware through seemingly harmless job applications (The Hacker News, 2025).
Why This Attack Matters for Small & Medium Businesses
Many SMBs depend on LinkedIn, Indeed, and similar platforms to source talent. But these same platforms can also be entry points for cybercriminals. FIN6, a known financially motivated threat group, is now blending social engineering with technical tricks—using fake AWS-hosted resumes that conceal More_eggs malware. The real risk? Even a single successful attack could disrupt operations, drain resources, or cause data breaches, costing far more than most SMBs can afford.
> Note: This isn’t fearmongering—it’s a real trend involving trusted everyday tools used by businesses of all sizes.
According to IBM, the average cost of a data breach for businesses with fewer than 500 employees recently hit $3.31 million (IBM Cost of a Data Breach Report, 2023). Many breaches begin with a single click on a malicious link.
How Do These Attacks Work?
- Attackers create fake job-seeker profiles on LinkedIn and Indeed.
- They upload malware-laden resumes to Amazon Web Services (AWS) to appear legitimate and bypass filters.
- They use social engineering to build trust with in-house HR staff or recruiters.
- When a recruiter clicks or downloads the resume, the More_eggs malware is quietly installed, giving attackers access to business systems and sensitive data.
3 Key Takeaways—What You Can Do This Month
- Train Your Staff to Spot Social Engineering
  Organize a quick training session for HR and hiring managers. Help them recognize warning signs: unsolicited CV links, resumes hosted on nonstandard platforms, or unusual LinkedIn and Indeed messages. Make it a recurring awareness priority.
- Lock Down File Handling and Downloads
  Restrict the ability to download files from unknown or cloud-hosted links. Use a secure document exchange through your applicant tracking system or require password-protected PDFs. Limit direct downloads from public cloud or unfamiliar URLs.
- Bolster Endpoint Protection
  Ensure all company devices—especially those used by HR staff—are running modern endpoint security software that can detect and quarantine malware like More_eggs before damage is done.
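As an added example (not code from the original post or from BoltWork), here is a small link-triage check in Python that applies the download rules above to candidate-supplied resume links: it blocks archives, scripts and links served straight from public cloud storage, allows clean documents from an allowlisted applicant-tracking host, and routes everything else to a human for review. The allowlist host, the file-type lists and the sample links are constructed assumptions, not values from the article.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed allowlist (assumption): hosts your own ATS / document exchange serves files from.
ALLOWED_HOSTS = {"ats.example-hr.com"}
# Public cloud object-storage domains: a "resume" served straight from one is nonstandard.
CLOUD_STORAGE_DOMAINS = ("amazonaws.com", "blob.core.windows.net", "storage.googleapis.com")
# File types that have no business arriving as a resume, and the ones a resume should be.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".iso", ".lnk", ".js", ".jse", ".vbs", ".hta", ".exe", ".scr"}
EXPECTED_EXTENSIONS = {".pdf", ".docx"}

@dataclass
class Verdict:
    url: str
    action: str                      # "allow", "review" (human check) or "block"
    reasons: list = field(default_factory=list)

def assess_resume_link(url: str, allowed_hosts=ALLOWED_HOSTS) -> Verdict:
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
    reasons = []
    if parsed.scheme != "https":
        reasons.append("not https")
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"executable or archive type {ext}")
    if filename.count(".") > 1:
        reasons.append("double extension (e.g. resume.pdf.js)")
    on_cloud = any(host == d or host.endswith("." + d) for d in CLOUD_STORAGE_DOMAINS)
    if on_cloud:
        reasons.append("hosted on public cloud storage, not the ATS")
    # Executable content or a raw cloud bucket is blocked; clean doc on allowlisted host is allowed.
    if ext in RISKY_EXTENSIONS or filename.count(".") > 1 or on_cloud:
        action = "block"
    elif host in allowed_hosts and parsed.scheme == "https" and ext in EXPECTED_EXTENSIONS:
        action = "allow"
    else:
        action = "review"
    return Verdict(url, action, reasons)

# Constructed sample links (no real candidates or buckets) exercising each branch.
SAMPLE_LINKS = [
    "https://ats.example-hr.com/applicants/1042/resume.pdf",          # allow
    "https://candidate-files.s3.us-east-1.amazonaws.com/resume.pdf",  # block: cloud bucket
    "https://files.example.net/Jane_Doe_Resume.pdf.js",               # block: script, double ext
    "http://portfolio.example.org/cv.docx",                           # review: unknown host, http
]

def triage(links=SAMPLE_LINKS):
    return {v.url: v.action for v in map(assess_resume_link, links)}
```

Wire `assess_resume_link` into whatever receives candidate messages (ATS webhook, mail gateway rule) so a "block" or "review" verdict is applied before the link ever reaches a recruiter's inbox.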
Want help evaluating your protection against phishing and HR supply chain attacks?
Book a free 15-minute security consult now.
Why Partner With Proactive IT & Cybersecurity Experts?
Catching the latest social engineering attack requires more than just software—it’s about continuous vigilance, employee education, and tight controls on business-critical workflows. BoltWork’s managed IT and cybersecurity services align with three core goals:
- Secure: Minimize attack surfaces and block malware at the entry point.
- Simplify: Streamline hiring processes with safe, integrated tools—so IT isn’t a bottleneck.
- Reduce Costs: Predictable pricing can be far less than the staggering cost of even a single breach.
Is Your HR Tech Stack a Hidden Security Gap?
Ask yourself: Do your teams still download resumes from arbitrary links? Are cloud storage solutions properly vetted, and is endpoint security current? If you’re unsure about any of these answers—or just want an expert’s eye—let us help.
Book a 15-minute security consult with BoltWork and fortify your hiring process today.
References
- The Hacker News. “FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware”, June 2025.
- IBM. “Cost of a Data Breach Report 2023”.