The Great Job Resignation is here! If ever there was a time to reevaluate your current position and look for a new opportunity – it’s now. But, something to note, candidates like you aren’t the only ones looking to take advantage of this trend, Cyber Criminals are too.
Think about the application process for a minute, and you can see why this is a lucrative endeavor ripe for abuse. Job applications, interviews, offers, and onboarding can all be done online and due to the business impact of the COVID pandemic, it’s a pretty common practice.
While Cyber Criminals have become more and more sophisticated, in reality, fake jobs are just another version of “Phishing.” What they want is your personally identifiable information (PII). They also want your credit card or banking details to impersonate you, apply for loans and credit cards, make purchases, drain your bank account, or just to sell your information on the dark web.
How Cyber Criminals Suck You In
The scammers create an appearance of legitimacy by posting fake jobs on legitimate job boards – like Indeed. Then they link you to counterfeit websites, sometimes even pretending to be large, well-known companies like Amazon or Quest Diagnostics.
Or, you could receive a message on LinkedIn from someone claiming to be representing a legit company. That person will even have a LinkedIn profile listing the company as their current employer. If you have a LinkedIn profile, you know how easy this is to do. You could get an email from a ‘recruiter’ claiming to represent a well-known company or a not-so-well-known company. It doesn’t matter, for the scammer, it’s all a sham.
Once they get you on the hook, they’ll schedule interviews and sometimes introduce you to multiple criminals impersonating personnel from several different departments – from HR to department managers. They’ll suck you in by manipulating you on an emotional level, tell you what a great candidate you are, how you’re such a perfect fit for the job. Why? Because we all want to feel validated when we’re on a job hunt.
That’s how they get you.
Next, they’ll request the same kind of information that legitimate employers do – which is the tricky part. They’ll ask you to sign an employment contract – not so unusual. But they’ll take it one step further and ask for personally identifiable information (PII) in the contract before you’re hired. Or, they’ll request credit card information to pay for things like background checks, training, or to purchase start-up equipment.
Tips for Detecting Fake Job Postings
Here are some tips for job seekers from the FBI that can help you detect if a potential employer is really a criminal actor perpetrating employment fraud:
- Interviews are not conducted in person or through a secure video call.
- Interviews are conducted via teleconference applications that use email addresses instead of phone numbers.
- If potential employers…
- Contact victims through non-company email domains and teleconference applications.
- Require employees to purchase start-up equipment from the company.
- Require employees to pay upfront for background investigations or screenings.
- Request credit card information.
- Send an employment contract to physically sign asking for PII.
- Job postings appear on job boards, but not on the companies’ websites.
- Recruiters or managers don’t have profiles on the job board, or the profiles don’t seem to fit their roles.
Job Offer Legitimacy Checklist
Cyber security professionals and the FBI also suggest the following actions and tips for job seekers if they receive a job offer online:
- Conduct a web search of the hiring company using the company name only. Results that return multiple websites for the same company (GreatCompanyLLC.com vs. GreatCompany.com) can indicate fraudulent job listings.
- Legitimate companies will ask for PII and bank account information for payroll purposes after hiring and during the onboarding of new employees.
- Never send money to someone you meet online, especially by wire transfer.
- Don’t provide credit card information to any employer, ever!
- Never provide bank account information to employers without verifying their identity. Most companies today use a payroll provider which allows you to set this up on your own.
- Don’t accept any job offers that ask you to use your own bank account to transfer their money. A legitimate company will not ask you to do this.
- Never share your Social Security number or other PII that can be used to access your accounts with someone who does not need to know this information.
- Before entering PII online, make sure the website is secure by looking at the address bar. The address should begin with “https://”, not “http://”.
- However, criminals can also use “https://” to give victims a false sense of security. A decision to proceed should not be based solely upon the use of “https://”.
For Future Notice
If you are a victim of an employment scam, the Federal Trade Commission (FTC) recommends you report it to the FBI’s Crime Complaint Center (IC3). The FTC also encourages job seekers involved in a scam to forward related emails to the Anti Phishing Working Group (APWG).
We are all in this together, so spread the word. Inform friends and family. Stay alert. Don’t let yourself be a victim of fake job postings and offers.