    CV Portal Test

    Social engineering testing aimed at your recruitment process. We send fake job applications with malicious attachments to test whether HR and hiring staff open unsafe files or expose sensitive data through your CV portal. The one channel where opening files from strangers is the job.

    What is a CV Portal Test?

    A CV portal test is a controlled social engineering assessment that targets your recruitment and HR process. Ethical hackers submit fake job applications containing booby-trapped CV files or links to a credential-harvesting portal, then measure whether staff open the attachments or hand over sensitive information.

    Recruitment is uniquely exposed. HR teams are expected to open documents from complete strangers dozens of times a day, which makes the usual advice, "do not open attachments from unknown senders", impossible to follow. Attackers know this and abuse it.

    We replicate that exact attack path: a believable application, a realistic CV file, and a safe payload that reports back who opened it and what they did, without causing any real harm.

    • Realistic fake job applications tailored to your open vacancies
    • Booby-trapped CV files (macro documents, crafted PDFs) with safe payloads
    • Optional credential-harvesting applicant portal
    • Tracking of attachment opens, link clicks, and data submission
    • Department and role-level vulnerability analysis
    • Awareness scoring for HR and recruitment teams

    Why does a CV Portal Test matter?

    A blind spot in awareness training

    Most phishing training tells employees not to open unexpected attachments. HR cannot follow that rule, so generic training leaves recruitment exposed.

    A real attacker entry point

    Malicious CVs are a documented route into organizations. A single opened file can drop malware onto a machine with access to personal data.

    Protect sensitive applicant data

    Recruitment processes handle large volumes of personal data. Testing this channel validates your GDPR and security controls where it matters most.

    How do we approach the CV Portal Test?

    01. Reconnaissance

    We review your open vacancies, application channels, and CV portal so the fake applications look entirely plausible.

    02. Campaign Design

    We craft realistic applicant profiles and prepare safe payloads in common CV formats, from macro documents to crafted PDFs.

    03. Controlled Execution

    Applications are submitted in waves with real-time monitoring and strict safety measures, so nothing harmful ever reaches your systems.

    04. Analysis and Reporting

    You receive clear reporting on who opened what, plus concrete recommendations and immediate learning moments for the people involved.

    What do you get after a CV Portal Test?

    After the campaign you receive a report detailing attachment-open rates, link clicks, credential submissions, and response times, broken down by team and role.

    The report includes concrete remediation steps for your recruitment process, from technical controls on the CV portal to targeted training for hiring staff.

    Everyone who opened a test file receives immediate educational feedback explaining the warning signs, which is far more effective than annual compliance training.

    Deliverables

    • Executive summary with key findings
    • Attachment-open and submission metrics by team
    • Individual awareness scores (anonymized)
    • Remediation roadmap for the recruitment process
    • GDPR and data-handling observations

    Frequently Asked Questions

    A CV portal test is a controlled social engineering assessment where ethical hackers submit fake job applications with malicious CV files to measure whether HR staff open unsafe attachments or expose sensitive data.

    Recruitment is the one process where opening files from unknown senders is unavoidable. That makes it a uniquely attractive entry point for attackers and a blind spot for standard awareness training.

    The safe payload reports back that the file was opened, then shows an educational message explaining the warning signs. No real malware is ever used and no harm occurs.

    All data is treated confidentially, shared only with your security team, and deleted after reporting. The test is designed to comply with GDPR requirements.

    Yes. The most effective approach is to test first, train the recruitment team on the weak spots, then retest to measure improvement.

    Test your recruitment process before attackers do

    Find out whether your HR and hiring teams can be reached through a fake job application.