The job market hasn’t been great in the last few years, especially in tech, leaving a lot of people actively looking for jobs. 

Scammers are taking advantage of this. They have come up with a new trick where they pretend to be recruiters to spread crypto miners on people’s devices. 

It starts with an email inviting the person to schedule an interview for a job. But when they click the link, it installs a malicious app that secretly mines cryptocurrency. This app hijacks your PC’s resources, like the CPU and GPU, which slows down its performance significantly.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

What you need to know

This malicious campaign begins with an email that tricks victims into thinking it is part of a recruitment process, as reported by Dark Reading. In most cases, these emails are pretending to be from recruiters at the cybersecurity company CrowdStrike.

The fraudulent email contains a link claiming to take the recipient to a site where they can schedule an interview. However, in reality, it redirects the victim to a malicious website that offers a download for a supposed “CRM application.”

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The site provides download options for both Windows and macOS. Regardless of which option the victim selects, the download will be a Windows executable written in Rust. This executable then downloads the XMRig cryptominer.

The executable performs several environmental checks to analyze the device and avoid detection. It scans running processes, checks the CPU and more. If the device passes these checks, the executable will display a fake error message while secretly downloading additional payloads needed to run the XMRig miner.

Fake CrowdStrike job application download. (CrowdStrike)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

How does a cryptominer affect your PC?

A cryptomining app can significantly impact your PC’s performance. Once installed, it hijacks your computer’s resources, including the CPU and GPU, to secretly mine cryptocurrency. This process requires a lot of computational power, which can cause your system to slow down drastically. You might notice your computer becoming unresponsive, running hotter than usual, or consuming more power. 

In some cases, prolonged use of cryptominers can also lead to hardware damage due to the increased strain on your components. Additionally, these miners often run in the background without your knowledge, making it harder to detect the issue until the damage is already done.

CrowdStrike is aware of the scam and advises individuals to stay vigilant. “This campaign highlights the importance of vigilance against phishing scams, particularly those targeting job seekers. Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files,“ the company said in a blog post. 

“Organizations can reduce the risk of such attacks by educating employees on phishing tactics, monitoring for suspicious network traffic and employing endpoint protection solutions to detect and block malicious activity.”

People working on their laptops. (Kurt “CyberGuy” Knutsson)

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

5 ways to stay safe from job interview scams

1. Check if you applied for the job: If you receive an unsolicited interview invitation, think back to whether you actually applied for that job or company. Scammers often target jobseekers randomly, hoping someone takes the bait. If you didn’t apply, it’s likely a scam. Always confirm directly with the company before proceeding.

2. Verify recruiter credentials: Always double-check the recruiter’s details before responding to an email or clicking any links. Verify their email address, LinkedIn profile and company association. Legitimate companies will use official email domains, not free services like Gmail or Yahoo.

3. Avoid downloading unsolicited files: Be cautious of emails asking you to download any files or applications. Legitimate recruitment processes rarely require you to install software. If unsure, contact the company directly to confirm the request.

4. Inspect links before clicking: Hover over any links in the email to see their actual URL. Scammers often use URLs that mimic legitimate sites but have subtle differences. If a link looks suspicious, avoid clicking on it.

5. Use strong antivirus software: Use strong antivirus or endpoint protection software to detect and block malicious downloads. Regularly update your security tools to ensure they can handle new threats effectively.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Kurt’s key takeaway

Cybercriminals always manage to come up with new ways to exploit people. While this particular scam is more focused on using your computer’s resources than stealing data, it is still very dangerous. It shows that if a hacker can easily install software on your PC, they can also go ahead and steal your financial information and other personal data. Always verify the emails you receive, and try not to download anything you don’t trust.

Have you ever received a suspicious email that looked like a job offer? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A law professor cited by CBS News called Donald Trump’s $10 billion lawsuit over the editing of a 60 Minutes interview with Kamala Harris “…so ill grounded that it comes close to being sanctionable as frivolous.” But now, the The Wall Street Journal reports that executives at CBS’ parent company, Paramount Global, have discussed settling the suit while “gaming out options to reduce friction with the incoming administration” ahead of a government review of its merger with Skydance.

The paper reports that incoming FCC chairman and censor-in-chief Brendan Carr warned execs last year that presidential dissatisfaction with CBS News will make a review tougher. He’s also publicly displayed that view, saying during a Fox News interview in November, “…CBS has a transaction before the FCC. I’m pretty confident that news distortion complaint over the CBS 60 Minutes transcript is something that is likely to arise in the context of the FCC’s review of that transaction.”

The lawsuit claims that in airing two differently edited versions of Harris’ response to a question about the war in Gaza, “CBS used its national platform on 60 Minutes to cross the line from the exercise of judgment in reporting to deceitful, deceptive manipulation of news.”

But instead of mounting a defense of free speech against a lawsuit and Trump’s accusations that the network said were false and completely without merit, Paramount is considering following the example of Disney and tech oligarchs who will line up at the inauguration like Mark Zuckerberg.

The ABC News owner agreed to pay $15 million to Trump’s presidential foundation and museum to settle a defamation lawsuit in December. Zuckerberg sharply redirected Meta’s policies to the right while meeting with Trump, reportedly “in part to mediate a lawsuit Trump brought against Facebook and Zuckerberg in 2021 over the platform’s suspension of Trump’s account after the Jan. 6 riot at the U.S. Capitol.”

Let’s talk about something that’s been popping up in inboxes lately — those sneaky “Your Apple ID has been disabled” emails. 

Like many people who’ve reached out to us, you might have gotten one that looks pretty legit, saying something like, “Your Apple ID has been temporarily disabled. Verify your Apple ID Information.” 

Spoiler alert: It’s most likely a scam, and we’re going to break down why.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

The anatomy of the scam

So, here’s how these tricksters operate. You get an email that looks totally legit with an Apple logo and creates a sense of urgency, claiming your Apple ID is in trouble. They’ll say something like, “If you do not verify your account within 48 hours, it will be permanently locked.” Yikes, right? That’s exactly what they want you to think. So, you’ll “Click the button below to verify as soon as possible.” They want you to click where it says, “Go to Apple ID.”

Once you do that, you’re directed to a fake Apple website designed to look almost identical to the real one. This fraudulent site prompts you to enter your username, password and other sensitive information, which the scammers can then use to access your Apple account and potentially steal your personal data or make unauthorized purchases.

Apple ID scam email. (Kurt “CyberGuy” Knutsson)

NEW CYBERATTACK TARGETS IPHONE AND APPLE IDS: HERE’S HOW TO STAY SAFE

Let’s play detective and look at some red flags in these scam emails

Urgent language: They’re trying to scare you into acting without thinking. Classic scammer move.

Vague claims: “Missing or invalid information”? That’s purposely unclear to make you doubt yourself.

Threats of lockout: Nothing like a good threat to get your heart racing, huh?

Terms of service talk: They throw this in to sound official, but it’s just smoke and mirrors.

Grammar goofs: Real Apple emails are polished. Scammers? Not so much.

Fishy sender address: Always check if it’s actually from @apple.com (spoiler: it’s probably not). Any legitimate email from Apple will come from a domain ending in “@email.apple.com. As you can see from the scam email below, it’s from a fake email: mfrasier@wavecable.com, not Apple.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Apple ID scam email. (Kurt “CyberGuy” Knutsson)

HOW TO SECURELY LOCK YOUR IPHONE AND IPAD FROM PRYING EYES

Why are scammers after your Apple ID?

You might wonder, “Why are these scammers so obsessed with Apple IDs?” Well, there are a few reasons:

• iCloud goldmine: Your photos, contacts and documents are valuable for identity theft or blackmail.
• Shopping spree potential: Stored payment info means they could go on a spending spree on your dime.
• Financial account access: Many folks link their bank accounts to their Apple ID. Jackpot for hackers.
• Dark web data deals: Your personal info can fetch a pretty penny in shady online marketplaces.

 5 THINGS TO DO FIRST IF YOU GOT A NEW MAC

How to keep these scammers at bay

To keep scammers at bay and secure your Apple ID, follow these comprehensive steps:

1. Enable Two-Factor Authentication (2FA): This crucial security feature adds an extra layer of protection to your Apple ID. Set it up by going to Settings > [your name] > Sign-In & Security on your iPhone or iPad, or Apple menu> System Settings > [your name] > Sign-In & Security on your Mac.

2. Use strong passcodes: Opt for alphanumeric passcodes instead of simple PINs. When in public, use biometrics (Face ID or Touch ID) and be cautious when entering your passcode.

3. Enable Stolen Device Protection: If you’re using iOS 17.3 or later, turn on this feature for additional security against theft.

4. Keep software updated: Regularly update your operating system and apps to ensure you have the latest security patches.

5. Don’t click on suspicious links, use strong antivirus software: If the email asks you to click a link, don’t do it right away. Hover over the link to see the actual URL. If it doesn’t look like an official Apple website (or any site you trust), don’t click it.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Use a password manager: Generate and store strong, unique passwords for all your accounts by using a password manager.

7. Enable Find My: Turn on Find My iPhone to help locate your device if it’s lost or stolen.

8. Use a personal data removal service: Consider using a service that finds and removes your personal information from data broker sites. These services can help reduce your digital footprint, making it harder for scammers to obtain your data to target you in the first place. Look for a service that offers automated removals from hundreds of data aggregators and provides detailed verification of removals.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

9. Don’t click on suspicious links: If the email asks you to click a link, don’t do it right away. Hover over the link to see the actual URL. If it doesn’t look like an official Apple website (or any site you trust), don’t click it.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Apple ID scam email. (Kurt “CyberGuy” Knutsson)

TOP PHONE CHARGING CABLES THAT WILL SUPERCHARGE YOUR APPLE DEVICES

How Apple actually reaches out

Apple will never email you asking for your password or threaten to lock your account. If there’s a real issue, you’ll usually get a notification on your trusted device or be asked to sign in to your Apple ID account page directly. Remember, Apple will never ask for your password via email, phone or text message. Always access your account through official Apple websites or apps.

Kurt’s key takeaways

These scammers are getting craftier, but with a bit of know-how and caution, you can keep your Apple ID (and all the good stuff connected to it) safe and sound. Remember, if something feels fishy, trust your gut. When in doubt, go straight to Apple’s official website or give their support team a call. Keep your digital life secure, and don’t let those scammers take a bite out of your Apple.

Have you ever fallen victim to a digital scam, and what steps did you take to protect yourself afterward? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.