Amer Owaida, Security Writer at ESET explains that job hunting has been an hunting ground for cybercriminals who are putting a new twist on an old trick to scams the candidates
Scammers are combining spoofed company websites and fake job ads to trick unsuspecting job seekers into surrendering their sensitive information and paying fraudulent fees.
According to a recent public service announcement by the FBI’s Internet Crime Complaint Center (IC3), fraudsters increasingly post job openings on legitimate job boards and, in order to boost their aura of authenticity, direct people to fake domains whose names resemble those of real, reputable companies. The goal is to hoodwink job seekers into parting with their personal information that could be misused for a whole range of illicit activities, such as opening bank accounts or even forging identity documents in the victims’ names.
Many people, duly excited about the prospect of being hired, apply on the fake websites or respond to the ads. “According to victims, cybercriminals impersonate personnel from different departments, including recruiters, talent acquisition, human resources, and department managers,” said the FBI.
After the victim is interviewed and “hired”, they will receive a fake employment contract to physically sign, and a request to provide a copy of their personal information. Usually, that consists of a copy of a driver’s license, Social Security number, direct deposit information, and credit card information. The scammers may turn it up a notch by also requesting that the victim should pay upfront for a variety of things, such as a background check or equipment. After the money is transferred, their scam concluded, they stop replying.
How to protect yourself
It is understandable that in a quest for a job we get so excited by the possibility of getting hired that we tend to overlook the warning signs of something being amiss. This is especially true if the job market is volatile and overcrowded, providing scammers with ample opportunity to trick job seekers.
You should always adhere to the golden rule “trust but verify”. Run a web search on the company you’re seeking to join to see if anything suspicious comes up, such as multiple websites. Companies usually conduct on-site interviews – conference calls take place if one of the parties is not able to appear in person. When such calls take place, they are conducted through official channels.
Another thing that you need to keep in mind is that an employer will never request your credit card information. As for the personal information you provide for salary purposes, those are requested after you’ve been officially hired, and you can provide those in person to the accounting department at the company.
Job scams have been around for years, of course. According to its 2018 Internet Crime Report victims were swindled out of US$45 million by hiring scams, an increase of US$6 million compared to the previous year. The FBI reports that the average loss per victim is around US$3,000 and a hit to their standing with their banks.