EXECUTIVE SUMMARY:

A Chilean man learned an important lesson: Don’t do a Skype interview with a prospective employer on your work computer. That’s just the start of it.

Responding to a job opening on LinkedIn for a developer position, the candidate was asked to download and install a program that was purported to be part of the recruitment process, reports Gizmodo. The unpleasant surprise: It turned out to be malware, instead.

It’s a twist on a situation that occurred with a brewery last year, where a hacker applied for a job with a malware-infected resume. Hackers are realizing that human resources can be a key to rich data.

According to Society for Human Resource Management (SHRM) a survey conducted by  XpertHR shows that 51 percent of organizations worry about data breaches. That same study revealed additional worries: 41 percent about mobile device management; 39 percent about managing the use of technology; and 31 percent about keeping employee data secure.

In the case of the developer candidate, the downloaded malware gave hackers an open door to view information about the person’s work computer, such as the type of machine, along with its operating system and proxy settings. “With all that info, the hackers would then be able to later deliver a second-stage payload to the infected computer,” notes Gizmodo.

Researchers believe the hackers involved are Lazarus Group, an organization associated with North Korea and credited with the 2014 Sony hack, WannaCry, and other significant cyber incidents.

For executives and others responsible for providing cybersecurity training and education to employees, perhaps it’s time to add to the curriculum: Don’t use work computers to search for new employment.

Get the full story at Gizmodo.