As unemployment rates reach a near four-year high, new research from DNSFilter reveals a parallel surge in hiring-related online scams. An analysis of network data shows a significant increase in malicious domains containing keywords like "careers," "hiring," "jobs," and "talent" since the start of 2025, posing a serious threat to vulnerable job seekers.
Quick Intel
DNSFilter research identifies a surge in malicious domains using hiring-related keywords.
8,724 domains with "jobs" and 1,161 with "careers" were found to be malicious.
88% of these malicious hiring domains were newly registered or newly observed.
Scammers use excessive hyphens, odd TLDs (.top, .xyz), and fake domains to mimic legitimate sites.
The trend exploits the high volume of applications job seekers must submit.
Organizations are advised to monitor DNS traffic for unknown employment-related domains.
An Alarming Trend in Malicious Domains
The data from the last six months paints a concerning picture. A vast majority of these malicious domains are new, making them difficult to detect with traditional security measures. This tactic allows attackers to launch phishing campaigns quickly before being blacklisted, specifically targeting job seekers, HR teams, and recruitment platforms during a period of economic strain.
Deceptive Tactics Used by Scammers
Researchers identified several suspicious domain practices designed to trick victims. These include the use of excessive hyphens in long URLs to resemble legitimate job portals, domains that mimic trusted hiring platforms, and the utilization of unusual top-level domains (TLDs) like .top, .tk, .ml, and .xyz that are not commonly associated with legitimate businesses. This strategy preys on the urgency and vulnerability of individuals actively seeking employment.
Recommendations for Protection
Both job seekers and organizations need to adopt a more vigilant stance. Individuals should be highly skeptical of unsolicited job offers and carefully inspect domain names for red flags like strange extensions and hyphens. Gregg Jones, intelligence analyst lead at DNSFilter, stated, "All aspects of our lives are vulnerable to bad actors given the right mix of emotions, timing, and environmental factors. Being vulnerable to a scam can take many forms, often in ways we least expect. Taking stock of things that seem too good to be true and implementing security best practices are key to reducing unexpected angles of exploitation." For businesses, proactively monitoring DNS traffic for spikes in new employment-related domains is critical for early threat detection.
The convergence of high unemployment and sophisticated domain-based scams creates a perfect storm for cybercrime. This research underscores the critical need for heightened awareness and proactive security measures to protect a vulnerable population during their job search.
DNSFilter is a cybersecurity company that protects every click, leveraging AI-driven content filtering and threat protection to block threats 10 days earlier than competitors. DNSFilter's solution secures workers anywhere they are, helping to boost productivity, minimize compliance risk, and protect corporate brands on public Wi-Fi networks. Unlike traditional filtering solutions, DNSFilter deploys in minutes instead of days and is trusted by more than 43,000 organizations worldwide.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.