Applying for jobs can be painful, but at least your interactions with “human resources” don’t put you at risk of anything worse than dashed hopes. Actually, that’s not the case for those applying for a role at Chipotle. Until recently, the giant Mexican fast food restaurant chain was putting its job applicants at risk of identity theft and phishing attacks. That’s because Chipotle was sending emails to new job applicants from an email address using a domain – chipotlehr.com – it didn’t own. The domain wasn’t owned by anyone, in fact, until an unemployed IT worker applied for a job at Chipotle and found out the chipotlehr.com domain wasn’t registered, and bought it for $30.
View full story
ORIGINAL SOURCE: Naked Security