One case starts with a fake job brief hosted through Google Forms. It often begins on LinkedIn, where a message or posting looks like a routine next step in the hiring process. Click through and you may land on a polished form using a real company name, logo and business language. The problem comes when the form tells you to download a ZIP file. That file can start an infection chain ending in PureHVNC, a remote access trojan that gives attackers broad access to a Windows PC.

What makes this scam effective is that it does not look like the kind of cyberattack people are used to hearing about. There is no broken English, no flashy warning and no obviously sketchy website. It looks like paperwork. It looks like hiring. It looks like the kind of thing a job seeker might click quickly after weeks or months of searching. According to the researchers, the campaign used business-related lures including job interviews, project briefs and financial documents, with LinkedIn among the platforms used to steer people to the malicious forms.

The fake Google Meet update scam works the same way. In that case, the victim sees what appears to be a Meet page telling them to install the latest version before continuing. In the context of an interview, that feels believable. People are used to clicking a link, checking audio or updating software quickly so they do not miss their slot. But the researchers found that this fake update flow could trick a Windows user into enrolling the PC in an attacker’s device management system. In other words, the victim hands over the kind of control normally reserved for an employer or school managing a device.

That is what ties these cases together. You do not have to download what looks like a classic virus from some dark corner of the internet for something serious to happen. A fake form, a fake update prompt and a few clicks can be enough. In the Meet case, attackers may be able to install or remove software, change settings, lock the screen, read files or wipe the device. In the Google Forms scam, the malware can collect system and user information, steal data from browsers and some applications, install additional components and maintain access to the machine.

So what should you look for?

Start with ZIP files. In a real hiring process, a recruiter may send a PDF, a link to a company site or a calendar invite. A compressed file labeled “project brief” or “details” should make you stop. ZIP files are not automatically malicious, but they are a common way to package malware and slip past a quick glance.

Next, slow down when a page tells you to update software before you can continue. Fake update pages work because they create a small burst of urgency. You think an interview is about to start and you do not want to be late. But a page in your browser should not be the thing that pushes you into granting major permissions. In the fake Meet case, the branding looked close enough to pass a casual glance, even though the links did not go to Google.

It also helps to verify outside the page in front of you. If a recruiter sends a form, check the sender, company and job listing independently. If an interview invite says you need to update software, go to the official source yourself rather than clicking the prompt. Open your browser menu and check for updates there. Go directly to Google Meet yourself. Do not let the page set the rules.

If you think you clicked something malicious, check for work or school account connections you do not recognize. Run your security program such as Windows Defender and Malwarebytes, which is still free. Change all of your passwords for critical accounts, especially email and financial accounts. Set up two-factor authentication if you haven’t already done so, and keep a close eye on your accounts for any suspicious activity.

Job hunting is stressful enough without turning a form or interview link into a security risk. Spread this one around. The person who needs it most may be someone too busy, too worried or too hopeful to stop and question what looks like a normal next step.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.