If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

Job Phishing Scams and How to Avoid Them

Home » Blog » Cybersecurity » Job Phishing Scams and How to Avoid Them
Job Phishing Scams and How to Avoid Them

Searching for a new job is hard enough without also worrying about employment scams. Unfortunately, fraudulent job postings have always been around, and thanks to the advent of technology, are only becoming more convincing. The practice of job scamming itself has become more accessible and lucrative.

In an employment scam, cyber criminals leverage their position as a potential employer to persuade victims to pass along their personal identifiable information (PII). With this information in hand, the scammers are then able to execute a variety of illegal activities like identity theft, setting up fake financial accounts, taking over existing financial accounts, and even obtaining false driver’s licenses or passports.

The shift towards remote work provides an added boon for cyber criminals. Not only is it easier to create fake work-from-home jobs, but there are significantly more people new to remote work looking for these jobs. These scammers are also preying on the desperation some job seekers are facing due to the pandemic.

Scammers are Using Technology to their Advantage

Technology has given cyber actors the means to spoof websites and create legitimate looking job ads with ease.

Cyber criminals impersonating a company create a similar website domain and craft a duplicate website to appear as that original company. By using an email address affiliated with their fake website, communications from mock recruiters seem real.

Like a strong phishing email, these websites can look so convincing it’s hard to notice the scam until it’s too late.

Jobs are Posted on Legitimate Sites to Create a Sense of Security

Most job seekers start their search on a job board such as Indeed or ZipRecruiter due to the volume of job postings and a perceived confidence in the legitimacy of job ads.

It’s incredibly easy to post a job to one of these boards, and scammers use that to their advantage. Many people assume that because a job is posted on one of these reputable websites, it must come from a legitimate source.

Cyber criminals can impersonate personnel from all departments (recruiters, talent acquisition, human resources, and department managers) and send unsolicited job offers via email or these boards. Fake offers can also come through social media like Instagram or Facebook Messenger.

Even LinkedIn isn’t immune from job scams, and users are more likely fall victim because of LinkedIn’s reputation.

How to Identify an Employment Scam

Here are some red flags to look out for when job searching:

  • The job posting or recruitment email has obvious spelling/grammatical errors or is unusually vague.
  • The recruiter’s email domain is “@Gmail” or another non-company site.
  • Interviews are not conducted in person or via a secure video conference platform.
  • They require you to pay for training or start-up equipment.
  • You are sent a physical employment contract to sign asking for PII.
  • The recruiter creates a sense of urgency and is pushing you to accept the job immediately.
  • You’re offered a job without prior employment verification or reference checks.
  • Jobs that promise high pay for little effort—like remote data entry jobs—are usually fake.

How to Protect Your Information

The most important thing you can do to avoid falling victim to a job phishing scam is to be critical of every job posting and assume every unsolicited job offer is a scam until proven otherwise.

Use these best practices to keep your PII safe:

Verify company information

  • After finding a job ad, search the company name and go directly to their website to see if the job is also posted there—if it isn’t, it could be a scam.
  • Be aware of multiple search results with similar domains.
  • Try and verify any addresses/phone numbers/email addresses on the website.
  • Check out the company’s social media presence—or lack thereof.

If you’re sent an unsolicited job offer via email:

  • Don’t click on direct links.
  • Look at the email address—does it seem official?
  • Treat these emails like you would a phishing email by reaching out directly to the sender/verifying through the actual company website.

Don’t send money to someone you’ve never met

  • Some scammers ask for funds via a credit card or wire transfer—don’t send it to them.
  • Do not share any banking information (or other PII) during the interview.

Legitimate employers will only ask for your PII after the hiring process is complete for payroll purposes, and it is usually done in person or through a secure video call.

What to Do if You Fall Victim to an Employment Scam

Report the malicious activity to the website where the job was posted and to the company the cyber actors were impersonating. Contact your financial institution immediately upon the discovery of any fraudulent activity.

Ultimately, if a job sounds too good to be true, it probably is. Phrases like “fast money,” “unlimited earning potential,” “or minimum effort required” seem enticing, but they are strong indicators of a scam. In your next job search, be sure to keep these practices in mind to protect your PII.

Blue Team Alpha’s Hiring Policies

To learn about our hiring policies and actions we will never take when hiring, visit our alert on recruiting scams.

Facebook
Twitter
LinkedIn
Pinterest