A new report from DNSFilter reveals a growing threat in the online job market. Cybercriminals are exploiting both job seekers and hiring platforms by creating fake employment domains that look legitimate but are built to steal data. This research arrives at a time when unemployment is near a four-year high, and the average applicant sends roughly 180 job applications before receiving one offer.
DNSFilter data reveals massive growth in hiring-related scams
DNSFilter’s analysts found a sharp increase in malicious domains mimicking job boards and career platforms. Their latest data shows:
- 8,724 domains containing the word “jobs” were identified as malicious.
- 1,161 domains containing the word “careers” were flagged as malicious.
- 88% of malicious domains with hiring-related keywords were newly registered or newly observed.
- 86% of domains containing “jobs” and classified as malicious were new or recently seen.
If it looks like a job portal and sounds like a job portal, it may still be a trap.
Common tricks behind the fraudulent domains
DNSFilter’s researchers outlined several patterns used by attackers to create believable but harmful sites:
- Long, awkward URLs filled with hyphens or random characters intended to imitate real job portals.
- Fake domains that copy the look of trusted recruitment brands or contain urgent wording such as “apply-now” or “instant-hire.”
- Unusual top-level domains (TLDs) or country-code domains (ccTLDs) rarely used for business, including .top, .tk, .ml, .xyz, and .af.
These domains are often launched in quick bursts, followed by phishing campaigns that trick both job seekers and HR professionals into clicking links that lead to malware or credential theft.
The human factor: pressure and opportunity
The timing couldn’t be worse. With so many people chasing limited openings, emotions often override caution. In a market this competitive, applicants may rush to apply, reply, or upload resumes without a second thought. It’s exactly the environment cybercriminals rely on.
AI is reshaping how people look for jobs—and how scams evolve
Artificial Intelligence (AI) has transformed job hunting in remarkable ways. Job seekers now use AI tools to:
- Write resumes, cover letters, and even portfolio summaries in seconds.
- Customize LinkedIn profiles using AI keyword recommendations.
- Train with AI “interview coaches” that simulate real hiring questions.
Some candidates are even experimenting with AI-generated video avatars for recorded interviews. Using tools such as Synthesia, HeyGen, and DeepBrain, job seekers can create lifelike digital versions of themselves that deliver prewritten answers. While these tools can improve confidence and consistency, they also raise ethical and security issues. Recruiters report encountering “AI-enhanced” interviews that blur the line between genuine and synthetic.
The same technology empowering job seekers is now being exploited by scammers. Threat actors have started using deepfake voice and video tools to impersonate hiring managers. In several recent incidents, attackers posed as recruiters during video interviews to trick candidates into submitting sensitive information or installing “background check” malware.
The intersection of AI and fraud means job seekers must now question not just the offer—but the person on the screen.
How both applicants and employers can reduce risk
DNSFilter recommends a proactive approach. A mix of awareness and verification can stop most attacks before they start.
For job seekers:
- Be sceptical of unsolicited job offers or invitations to interview on unfamiliar platforms.
- Check the exact spelling and extension of every job-related URL before clicking.
- Pause before sharing personal information or downloading files from recruiters.
- Use reputable job boards and double-check email domains from recruiters.
For organizations and hiring teams:
- Monitor DNS traffic for new or suspicious employment-related domains.
- Block or flag domains that use excessive hyphens or rare extensions.
- Update threat detection rules frequently to include emerging job scam trends.
- Educate employees and applicants about AI-driven fraud, deepfakes, and phishing attempts.
Gregg Jones, Intelligence Analyst Lead at DNSFilter, summed it up clearly: “All aspects of our lives are vulnerable to bad actors given the right mix of emotions, timing, and environmental factors. Being vulnerable to a scam can take many forms, often in ways we least expect.”
What this means going forward
The convergence of AI and cybercrime has turned the hiring process into a digital minefield. Both applicants and employers need to slow down, verify, and stay alert. The stakes are no longer limited to a stolen resume—they include financial fraud, identity theft, and even AI-driven impersonation.
For anyone applying to jobs online, the best advice may sound old-fashioned: trust your instincts. If the opportunity seems too polished or the recruiter seems too perfect, something probably isn’t right. In the age of AI, skepticism isn’t cynicism—it’s survival.