Cybercriminals are stooping to a new low by targeting job seekers when the market is already bad: 'Where’s the good sheep for the wolf to go attack?'

New data from DNSFilter shows that cybercriminals are stooping to a new low: targeting job seekers.

The cybersecurity company found 8,724 malicious domains containing the word “jobs,” with the overwhelming majority (86%) newly registered or observed. Meanwhile, 1,161 malicious domains contained the word “careers.”

Prime targets. Gregg Jones, an intelligence analyst lead at DNSFilter, told IT Brew that while it isn’t new for cybercriminals to target job seekers, the problem has been amplified by “current world conditions” that make those on the hunt for employment especially vulnerable to scams. While the US unemployment rate stood at 4.3% in August—the most recent published figure from the Bureau of Labor Statistics (BLS) due to the ongoing government shutdown—job hiring has continued to falter. According to the BLS, US employers added 22,000 jobs in August, a sharp decline from 142,000 in the same period last year.

“The economy is not so great…people are struggling to find jobs, some people are struggling to keep jobs, and it’s that constant ebb and flow of ‘where’s the good sheep for the wolf to go attack?’” Jones said.

It’s a tough market. Job seekers shouldn’t take the interest from cybercriminals personally, as malicious actors have placed targets on the backs of hiring managers, as well. In May, Arctic Wolf Labs released details about a spearphishing campaign hurled by threat group Venom Spider at hiring managers, with threat actors using résumés laced with malware when applying for jobs. Recruiters also have been grappling with the growing fake IT worker scheme, which has grown in sophistication thanks to deepfake technology.

How to dodge hiring scams. DNSFilter suggests job seekers double-check domain names and stay away from links with “excessive hyphens or strange extensions.” Jones added that if a job offer looks too good to be true, it probably is, and said individuals can always reach out to hiring managers to verify recruitment notifications: “No one should ever chastise you for being extra careful.”

This report was originally published by IT Brew.

Join us at the Fortune Workplace Innovation Summit May 19–20, 2026, in Atlanta. The next era of workplace innovation is here—and the old playbook is being rewritten. At this exclusive, high-energy event, the world’s most innovative leaders will convene to explore how AI, humanity, and strategy converge to redefine, again, the future of work. Register now.

Cybercriminals are stooping to a new low by targeting job seekers when the market is already bad: ‘Where’s the good sheep for the wolf to go attack?’