Hiring Scams Flourishing as Cybercriminals Look to Exploit Job Seekers

Surge in malicious domains using terms like “careers,” “hiring” and “talent” underscores how malicious actors are preying on unsuspecting job seekers 

WASHINGTON, D.C. – Oct. 23, 2025 – Amid the near four-year high unemployment rate, new research from DNSFilter finds that scams related to hiring are proliferating. New data from the company’s networks shows an alarming trend in domain activity related to domains that include terms like “careers,” “hiring,” “jobs,” and “talent,” which have seen a significant uptick since the start of 2025.

These new insights from DNSFilter underscore the need for job seekers, who average 180 job applications to land a single offer, to remain vigilant when navigating job boards and receiving messages from so-called recruiters.

Over the last 6 months:

• 8,724 domains containing the word “jobs” have been found to be malicious.
• 1, 161 domains containing the word “careers” have been found to be malicious.
• 88% of malicious domains containing hiring-related keywords were newly registered or newly observed.
• 86% of all domains using the word “jobs” and that were determined to be malicious were either newly registered or newly observed. 

Researchers also discovered that a number of suspicious domain practices are being used to lure victims into clicking malicious links, including:

• Excessive hyphens or long-winded URLs designed to resemble legitimate job portals.
• Fake domains mimicking trusted hiring platforms or containing urgent-sounding phrases.
• Odd top-level domains (TLDs) and country code TLDs (ccTLDs) not commonly used for business (e.g., .top, .tk, .ml, .xyz, .af).

Attackers are increasingly registering new domains in short bursts to evade detection, following them up with phishing campaigns containing those links to target job seekers, human resources teams and recruitment platforms. 

Job seekers and organizations can help protect themselves from these types of hiring scams by remembering to: 

• Be skeptical of unsolicited job offers or job boards with unfamiliar URLs.
• Check domain names carefully and avoid clicking on links with excessive hyphens or strange extensions.
• Organizations should monitor DNS traffic for spikes in unknown employment-related domains and update threat detection rules accordingly.

Gregg Jones, intelligence analyst lead, DNSFilter, said: “All aspects of our lives are vulnerable to bad actors given the right mix of emotions, timing, and environmental factors. Being vulnerable to a scam can take many forms, often in ways we least expect. Taking stock of things that seem too good to be true and implementing security best practices are key to reducing unexpected angles of exploitation.”

About the company:

DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter’s solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide. Learn more about how DNSFilter is the first and last line of defense for corporate and hybrid networks at dnsfilter.com.

Media Contact

Shannon Van Every

Force4 Technology Communications

Shannon@force4.co