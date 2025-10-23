Surge in malicious domains using terms like "careers," "hiring" and "talent" underscores how malicious actors are preying on unsuspecting job seekers

WASHINGTON, Oct. 23, 2025 /PRNewswire/ -- Amid the near four-year high unemployment rate, new research from DNSFilter finds that scams related to hiring are proliferating. New data from the company's networks shows an alarming trend in activity related to domains that include terms like "careers," "hiring," "jobs," and "talent," which have seen a significant uptick since the start of 2025.

These new insights from DNSFilter underscore the need for job seekers, who average 180 job applications to land a single offer, to remain vigilant when navigating job boards and receiving messages from so-called recruiters.

Over the last six months:

8,724 domains containing the word "jobs" have been found to be malicious.

1,161 domains containing the word "careers" have been found to be malicious.

88% of malicious domains containing hiring-related keywords were newly registered or newly observed.

86% of all domains using the word "jobs" and that were determined to be malicious were either newly registered or newly observed.

Researchers also discovered that a number of suspicious domain practices are being used to lure victims into clicking malicious links, including:

Excessive hyphens or long-winded URLs designed to resemble legitimate job portals.

Fake domains mimicking trusted hiring platforms or containing urgent-sounding phrases.

Odd top-level domains (TLDs) and country code TLDs (ccTLDs) not commonly used for business (e.g., .top, .tk, .ml, .xyz, .af).

Attackers are increasingly registering new domains in short bursts to evade detection, following them up with phishing campaigns containing those links to target job seekers, human resources teams and recruitment platforms.

Job seekers and organizations can help protect themselves from these types of hiring scams by remembering to:

Be skeptical of unsolicited job offers or job boards with unfamiliar URLs.

Check domain names carefully and avoid clicking on links with excessive hyphens or strange extensions.

Organizations should monitor DNS traffic for spikes in unknown employment-related domains and update threat detection rules accordingly.

Gregg Jones, intelligence analyst lead, DNSFilter, said: "All aspects of our lives are vulnerable to bad actors given the right mix of emotions, timing, and environmental factors. Being vulnerable to a scam can take many forms, often in ways we least expect. Taking stock of things that seem too good to be true and implementing security best practices are key to reducing unexpected angles of exploitation."

