Skip to main content

Protect Your Company from Job Posting Scams

By November 18, 2021August 28th, 2023Business & Compliance

young brunette girl looking at laptop with stressed look and hands grabbing the root of her hairAs cyber criminals become more sophisticated, their schemes are getting more and more complex – and clever. The latest? Preying on job seekers by using fake job posting scams and employment offers. This variation on “phishing” has increased since people started working from home and while many are looking for new opportunities as part of the Great Resignation. However, no one is safe! In fact, students and new graduates account for approximately one in three reported fake hiring scams.

How do they do it?

The Making of a Fake Job Posting

These scammers are masters of creating an aura of legitimacy. Often, their first step is creating a spoof – and nearly identical imitation – of your website. Next, the scammers will pick the team member they want to use as their disguise.

Once they have chosen their pretend identity as you or one of your employees, they will claim to be you and put up fake job postings on legitimate job boards. These official-looking job postings will include a link to that counterfeit company page.

It does not stop there! Scammers will go as far as conducting false interviews with unsuspecting applicants. Throughout this phishing process, the scammers request the same kind of information that legitimate employers do. They will send candidates an employment contract to sign – not an unusual request – before the candidate is “hired.”

candidates are getting phished and scammed by applying to fake job posting and then completing fake employment contracts that request personal and credit card informationIn this contract, scammers will ask for personally identifiable information (PII) and credit card information. This request is their final effort to fulfill their goal of stealing PII and money. They will claim it is necessary to pay for things like background checks, training, or start-up equipment.

In the end, these scammers will burn your potential hires and damage your reputation. This serious damage can make it even harder to fill your positions with the best people. It is unfortunate but pretty clever.

How to Protect Your Company & Its Reputation

So, how do you protect yourself and your company? The FBI’s Crime Complaint Center (IC3) and other cyber security experts suggest the following: 

  1. Conduct a web search of your organization using your company name only – A red flag can be if you see multiple websites for your company with a variation on your domain name (GreatCompanyLLC.com vs. GreatCompany.com). This is a sign there may be fake job listings out there using your company as a front.
  2. Regularly search for jobs using your company name on all the major job boards – Indeed, Monster, LinkedIn, CareerBuilder, etc. Make sure those listings line up with your actual open positions.
  3. Funnel all your job applications through your applicant tracking system with your jobs posted on your website career page – Do not allow candidates to submit applications through other databases like LinkedIn Apply or Indeed. If you are unsure how to do this, we can help!
  4. Include application and hiring process information on your website – Let candidates know what to expect and what information you will and will not ask for. Be clear that you will not request credit card information. Also, that other PPI will only be requested after an applicant has been hired. Your website is also a great place to communicate if your company is ever a victim of this kind of crime. You can notify job seekers on your home page and warn them about the fraudulent activity.
  5. computer user is confirming their SSL/TLS certificate is valid and not expired. a white pop up window is opened as the user clicks on the padlock icon next to the url: hire ventures.com. The pop up box reads "Connection is secure, Certificate is valid"Make sure your website uses SSL/TLS certificates – These certificates ensure secure encrypted connections and assert your organizational identity. An easy way to confirm that your certificate is valid is by clicking on the little padlock icon next to your web address in the search field. If your certificate is expired, you will want to get it up to date right away.

Report, report, report

Lastly, if you are a victim of employment or fake job posting scams, the Federal Trade Commission (FTC) recommends you report it to the FBI’s IC3. The FTC also encourages job seekers involved in the scam to forward related emails to the Anti Phishing Working Group (APWG).

We are all in this together, so spread the word. Stay alert. Do not let your company or your candidates, be a victim of fake job postings and offers.

Contact our team of experienced talent consultants for help creating a safe and secure application and hiring process!


BOOK A FREE Discovery Call To learn more about our HR & Recruiting services!

 

One Comment

Leave a Reply

%d bloggers like this: