(No Ratings Yet)

Loading...

• Facebook
• Twitter
• LinkedIn
• Mail

January 27, 2020 Comments closed

Fake Jobs: Cybercriminals Prey on Job Seekers via Fake Job Postings

in Hashing Out Cyber Security

The FBI reports that fake job listings get people to hand over personal information to cybercriminals and results in an average financial loss of $3,000 per victim

Earn $10,000 a month just by reading emails. Make your own schedule and work from home. Call us today to get started!

Job hunting is already a complicated process. But cybercriminals have decided to make it even more challenging by using fake job listings like this to steal personal information.

It’s not uncommon to receive a message on LinkedIn from potential employers and hiring managers. Heck, I receive them frequently and I’m sure you do, too. People around the world view LinkedIn and websites like Indeed as trusted resources to search for job postings and to review company information. But what if some of those job listings are for fake jobs? And what if they’re impersonating your organization to pull off their schemes?

As if it isn’t enough that you have to worry about telephone scams and traditional phishing emails — now job seekers and businesses alike have to keep an eye out for fake job postings. Cybercriminals are using this variation on phishing to either get victims to buy something or to gain access to their personally identifying information (PII).

But how do fake job scams work and what should you look out for? Today, we’ll give you the lowdown on fake job and hiring scams — both for job seekers and organizations. We’ll also share some of the key warning signs to look out for and what you can do if you think you or your business are victims of fake job listings or impersonation scams.

Let’s hash it out.

Thousands of Fake Jobs and Employment Scams Were Reported in 2019

Let’s start with some numbers. According to the Better Business Bureau’s Scam Tracker^sm,  there were 3,434 scams in the U.S. that were reported between Jan. 1, 2019 and Dec. 31, 2019. The employment scams that occurred during the year that claim to have resulted in the greatest financial losses were $1.25 million on July 2, and $500,000 on Jan. 18.

The former involved a job where someone claims to have been hired to read emails (yeah, not really sure what kind of legitimate job that would be, but I digress) and got scammed out of a $1.25 million paycheck. The latter involved someone claiming to be a recruiter from Quest Diagnostics and asking the victim to provide their social security number, date of birth, and address as part of a multi-tier interview process.

I kind of have to question the validity of the claimed financial loss in the first case — but, hey, these are the numbers they’re reporting. If anyone genuinely believes they were going to be paid $1.25 million for reading emails, then I’m sure someone’s also got a bridge to sell them. (I’m not trying to victim shame here — I just believe people need to demonstrate more common sense.)

Now, let’s check out some numbers that come to us from the great Down Under. In Australia, there were 2,499 job and employment scams reported in 2019 by the Australian Competition & Consumer Commission (ACCC). The reported financial losses from employment and job scams reported that year totaled nearly $1.7 million. This is up from the 2,841 reports in 2018 with financial losses totaling more than $1.5 million

Unlike the BBB ScamTracker, the ACCC provides more specific demographic type of information as well as additional info about scam methodologies. According to their data, females were targeted slightly more frequently (49.5%) than males (48%), and the most utilized delivery method was email (54.5%).

Fake Jobs: 10 Types of Employment Scams to Watch Out For

Job scams come in all shapes and sizes. Some cybercriminals pretend to work for small businesses while others impersonate personnel at major enterprises. From fake work-from-home jobs at Amazon to remote positions for major tech corporations, virtually any organization is fair game in the eyes of these nefarious individuals. Some of these scams target individuals who are genuinely seeking jobs to make some honest money. Others target individuals who seek to make money for little effort.

So, what are some of the most common types of fake jobs? According to Alison Doyle at TheBalanceCareers.com, 10 common examples include:

• Credit report scams. This is where the applicant is asked to provide their personally identifying information (PII) to run a credit check. However, what this really does is give the actor your PII, which they can use to steal your identity and/or open new accounts in your name.
• Fake job application scams. This scam involves using an online form to collect the victims’ personal information via a fake application. Similarly, this can result in identity theft.
• Background check scams. This type of scam involves a company requiring a job seeker to pay for a background check by providing payment via a pre-paid VISA or Mastercard.
• Start-up kit purchase scams. Tell me if you’ve ever heard this one before: You see an ad that boasts about how you can make incredible pay every month by just assembling and selling products. Yeah, what this ends up doing is costing you money that you’ll never see again.
• Software purchase scams. This employment scam involves you, as a victim, buying programs that’ll later be reimbursed.
• Bait-and-switch scams. Initially, it sounds ideal: It’s an entry-level position that’ll help you develop the skills and knowledge you need to work your way up within X major corporation. Soon, you’ll be rolling in the money — except you won’t be, because it’s really a door-to-door sales position.  
• Training materials scams. This type of fake jobs scam tactic involves them saying that they’ll send you software. Instead, a cashier’s check arrives, and they’ll ask you to cash the check and send those funds via Western Union to get the training materials. Yeah, sounds totally legit…
• Online training purchase scams. Similarly, this type of scam also will require you to purchaseonline training because it’s required for the position. It’ll look like the training comes from a real company, but it’s a fake email address that looks similar to the real deal.
• Direct deposit scams. Virtually every employer would need your direct deposit information — and criminals know this and use it to their advantage. However, while legitimate employers won’t need you to provide that information until after you’re hired, these crooks will claim to need it before they can set up your interview. They’ll say that they need to process the information at that time.
• Trial employment scams. Criminals will claim that you’re one of at least two applicants who will participate in a brief trial period for a legitimate company. They’ll require you to complete an employee contract which, of course, includes submitting your PII.   

So, how do these cybercriminals do it?

Fake Job Scam Methods: Job Boards, Fake Websites, and Phone Calls or Emails

Their methodologies also differ from criminal to criminal. Some job scams involve offering fake jobs through fake job postings on Indeed or by presenting LinkedIn fake job offers to users directly through private messages. Some criminals go to the next level and create entire fake websites. And others, who prefer less effort, may just call people on the phone or choose to send an email instead.

Fake Websites Designed to Look Legit

According to the FBI’s Internet Crime Complaint Center (IC³), these actors create spoofed websites of real companies to pose as legitimate employers.

The report goes on to say:

While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels.”

So, imagine if someone decided to create a fake version of your website to lure visitors to their page instead of yours. Not only would they be stealing (and, ultimately, burning) your potential hires, but they’re also tarnishing your reputation once the jig is up and the victims realize their game.

They Pretend to Be You (Or A Fake Employee Within Your Organization)

Regardless of which tactic they prefer, cybercriminals like to impersonate various personnel within organizations. They pretend to be everyone from recruiters and human resources professionals to department managers. Some criminals work alone while others team up to pull off more elaborate schemes. One may pose as a recruiter and then pass you off to the supposed “hiring manager” for the position.

Some of these criminals really like to go the extra mile to sell their scam. They may opt to send their victims an employee contract and request standard employment application type of information — SSN, driver’s license info, direct deposit information, etc. They also may “require” payment for costs associated with running background checks and screenings — which, of course, they’ll be happy to reimburse in your first paycheck. (Red flags, anyone?)

But why go to all of this trouble? They want to convince their victims that they’re legitimate and that their fake jobs are as well. This makes it easier for them to get victims to provide their PII, or to get them to buy something under the guise of it being part of the application requirements. This could include buying gift cards or purchasing fake certification courses at a discount.

Once the cybercriminals have convinced their victims that their scam is real and they get the info they want, they’ll drop the job seekers like hot potatoes and will disappear.

So, how can you tell fake jobs from real ones?

How to Identify Fake Job Listings

There are a few ways that you can identify fake jobs. As discussed just moments ago, it’s clear that cyber criminals running these scams often request the same types of information as legitimate employers. However, there are several indicators the IC³ says you can use to identify real fake jobs from real ones:

• “Interviews are not conducted in-person or through a secure video call.
• Interviews are conducted via teleconference applications that use email addresses instead of phone numbers.
• Potential employers contact victims through non-company email domains and teleconference applications.
• Potential employers require employees to purchase start-up equipment from the company.
• Potential employers request credit card information.
• Job postings appear on job boards, but not on the companies’ websites.
• Recruiters or managers do not have profiles on the job board, or the profiles do not seem to fit their roles.”

Some additional things to keep an eye out for are ads saying they have “undisclosed” government jobs.

How to Protect Yourself as a Job Seeker from Fake Jobs

Have you seen a potential fake job listing or are worried that you’ve been scammed? Consumer.gov has some helpful information about what job scams look like. The site also provides additional information about what you should know and do if you’re a victim and have already lost money to such as scam.

Otherwise, you can:

• Do your research. Contact the prospective employer directly to verify whether the listed position is available.
• Never pay in advance. If someone is trying to charge you for information about a job or requires some type of payment to apply or interview for it, run the other way. It’s a scam.  
• Inform the Federal Trade Commission. File a complaint with the FTC to inform them about the scan.
• Get help with identity theft. If you’ve found yourself in the position of having your PII used by a scammer, you can find official resources on how to report and recover from identity theft.

How to Protect Your Business from Being Used in Employment Scams

So, what can you do to protect your organization’s name and reputation from these types of scams?

Contact Law Enforcement

The Federal Trade Commission recommends business that believes they’re the victim of an impersonation scam to report the scam to the FBI’s IC3. They also suggest you encourage job seekers to forward any related emails to the Anti Phishing Working Group (APWG).

Funnel All Applications Through Your Website

Encourage users to only apply for jobs on your official website. If you post job listings on any job boards, be sure to include that information in the job postings as well.

Assert Your Identity on Your Website

Every website should use SSL/TLS certificates to ensure that any transactions are made via secure, encrypted connections. The additional benefit of using an organization validation (OV) or extended validation (EV) SSL certificate on your website is that it helps you to assert your organizational identity. This way, job seekers and customers alike know that you’re you and not an imposter.

Google Your Organization

Research job ads listing your organization’s name on Indeed, LinkedIn, Glassdoor, Monster, and other major job websites. Ensure that any job listings you find are genuine and report any that aren’t. You can take this a step further and search Google (or your preferred search engine) in general for additional job listing locations.

Notify Job Seekers About the Scam

If your organization is the victim of an impersonation phishing scam for fake jobs, be sure to add a notification to your website’s home page that warns users about the fraudulent activity.

• #Fake Jobs