Headhunter scam –
Social engineering through supposed job offers

The headhunter scam is a form of social engineering. Cybercriminals pretend to be recruiters or headhunters in order to deliberately deceive professional contacts. The aim is to obtain confidential information or spread malware – usually through manipulated links or file attachments.

How does the scam work?

Criminals often approach their victims through professional networks such as LinkedIn or email. They offer seemingly attractive job offers and try to gain the trust of the person addressed. Typical procedure:

• Contacting a supposedly tailor-made job offer via e-mail or LinkedIn
• Use of real-looking company names, job titles, and personal details from publicly available profiles
• Request to open a document or click on a link, e.g. to the job advertisement
• In the background: malware installation or phishing attempt

Typical destinations

Employees with technical roles, admin access or business-critical rights – especially in small and medium-sized enterprises (SMEs) where security processes are not always seamless.

Where do you encounter this in everyday SME life?

• For people with a public LinkedIn or Xing profile
• In the HR department during real application processes
• In IT, when technical know-how is particularly in demand
• With managing directors and other key people

How can you protect yourself?

• Regularly inform employees about social engineering methods such as the headhunter scam
• Questioning emails and messages with unusual senders, requests, or file attachments
• Do not share sensitive information or credentials
• Do not open unsolicited attachments and do not click on links carelessly
• If in doubt, consult with IT or security officers
• Ensure protective measures such as e-mail filters, virus scanners and regular updates on all end devices