Fake Jobs: Cybercriminals Prey on Job Seekers via Fake Job Postings

The FBI reports that fake job listings get people to hand over personal
information to cybercriminals and result in an average financial loss of
$3,000 per victim

Earn $10,000 a month just by reading emails. Make your
own schedule and work from home. Call us today to get started!

Job hunting is already a complicated process. But cybercriminals
have decided to make it even more challenging by using fake job listings like
this to steal personal information.

It’s not uncommon to receive a message on LinkedIn from potential
employers and hiring managers. Heck, I receive them frequently and I’m sure you
do, too. People around the world view LinkedIn and websites like Indeed as
trusted resources to search for job postings and to review company information.
But what if some of those job listings are for fake jobs? And what if they’re
impersonating your organization to pull off their schemes?

As if it isn’t enough that you have to worry about telephone
scams and traditional phishing emails — now job seekers and businesses alike have
to keep an eye out for fake job postings. Cybercriminals are using this variation
on phishing to either get victims to buy something or to gain access to their
personally identifying information (PII).

But how do fake job scams work and what should you look out
for? Today, we’ll give you the lowdown on fake job and hiring scams — both for
job seekers and organizations. We’ll also share some of the key warning signs
to look out for and what you can do if you think you or your business are
victims of fake job listings or impersonation scams.

Let’s hash it out.

Thousands of Fake Jobs and Employment Scams Were Reported in 2019

Let’s start with some numbers. According to the Better Business Bureau’s Scam Tracker℠, there were 3,434 scams in the U.S. that were reported between Jan. 1, 2019 and Dec. 31, 2019. The employment scams with the greatest claimed financial losses that year were $1.25 million on July 2 and $500,000 on Jan. 18.

The former involved a job where someone claims to have been
hired to read emails (yeah, not really sure what kind of legitimate job that
would be, but I digress) and got scammed out of a $1.25 million paycheck. The
latter involved someone claiming to be a recruiter from Quest Diagnostics and
asking the victim to provide their social security number, date of birth, and
address as part of a multi-tier interview process.

I kind of have to question the validity of the claimed
financial loss in the first case — but, hey, these are the numbers they’re
reporting. If anyone genuinely believes they were going to be paid $1.25
million for reading emails, then I’m sure someone’s also got a bridge to sell
them. (I’m not trying to victim shame here — I just believe people need to demonstrate
more common sense.)

Now, let’s check out some numbers that come to us from the great Down Under. In Australia, there were 2,499 job and employment scams reported in 2019 by the Australian Competition & Consumer Commission (ACCC). The financial losses from employment and job scams reported that year totaled nearly $1.7 million. This is up from the 2,841 reports in 2018 with financial losses totaling more than $1.5 million.

Unlike the BBB Scam Tracker, the ACCC provides more specific
demographic information as well as additional info about scam
methodologies. According to their data, females were targeted slightly more
frequently (49.5%) than males (48%), and the most utilized delivery method was
email (54.5%).

Fake Jobs: 10 Types of Employment Scams to Watch Out For

Job scams come in all shapes and sizes. Some cybercriminals pretend to work for small businesses while others impersonate personnel at major enterprises. From fake work-from-home jobs at Amazon to remote positions for major tech corporations, virtually any organization is fair game in the eyes of these nefarious individuals. Some of these scams target individuals who are genuinely seeking jobs to make some honest money. Others target individuals who seek to make money for little effort.

So, what are some of the most common types of fake jobs? According to Alison Doyle, 10 common examples include:

  • Credit report scams. This is where the
    applicant is asked to provide their personally identifying information (PII) to
    run a credit check. However, what this really does is give the actor your PII,
    which they can use to steal your identity and/or open new accounts in your name.
  • Fake job application scams. This scam
    involves using an online form to collect the victims’ personal information via
    a fake application. Similarly, this can result in identity theft.
  • Background check scams. This type of scam
    involves a company requiring a job seeker to pay for a background check by providing
    payment via a pre-paid VISA or Mastercard.
  • Start-up kit purchase scams. Tell me if
    you’ve ever heard this one before: You see an ad that boasts about how you can
    make incredible pay every month by just assembling and selling products. Yeah,
    what this ends up doing is costing you money that you’ll never see again.
  • Software purchase scams. This employment
    scam involves you, as a victim, buying programs that’ll later be reimbursed.
  • Bait-and-switch scams. Initially, it
    sounds ideal: It’s an entry-level position that’ll help you develop the skills
    and knowledge you need to work your way up within X major corporation. Soon,
    you’ll be rolling in the money — except you won’t be, because it’s
    really a door-to-door sales position.  
  • Training materials scams. This type of
    fake jobs scam tactic involves them saying that they’ll send you software.
    Instead, a cashier’s check arrives, and they’ll ask you to cash the check and
    send those funds via Western Union to get the training materials. Yeah, sounds
    totally legit…
  • Online training purchase scams. Similarly,
    this type of scam also will require you to purchase online training
    because it’s required for the position. It’ll look like the training comes from
    a real company, but it’s a fake email address that looks similar to the real
  • Direct deposit scams. Virtually every
    employer would need your direct deposit information — and criminals know this
    and use it to their advantage. However, while legitimate employers won’t need you
    to provide that information until after you’re hired, these crooks will claim
    to need it before they can set up your interview. They’ll say that they need to
    process the information at that time.
  • Trial employment scams. Criminals will
    claim that you’re one of at least two applicants who will participate in a
    brief trial period for a legitimate company. They’ll require you to complete an
    employee contract which, of course, includes submitting your PII.   

So, how do these cybercriminals do it?

Fake Job Scam Methods: Job Boards, Fake Websites, and Phone Calls or Emails

Their methodologies also differ from criminal to criminal.
Some job scams involve offering fake jobs through fake job postings on Indeed
or by presenting LinkedIn fake job offers to users directly through private
messages. Some criminals go to the next level and create entire fake websites. And
others, who prefer less effort, may just call people on the phone or choose to
send an email instead.

Fake Websites Designed to Look Legit

According to the FBI’s Internet Crime Complaint Center (IC3), these actors create spoofed websites of real companies to pose as legitimate employers.

The report goes on to say:

“While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels.”

So, imagine if someone decided to create a fake version of
your website to lure visitors to their page instead of yours. Not only would
they be stealing (and, ultimately, burning) your potential hires, but they’re
also tarnishing your reputation once the jig is up and the victims realize
their game.

They Pretend to Be You (Or A Fake Employee Within Your Organization)

Regardless of which tactic they prefer, cybercriminals like
to impersonate various personnel within organizations. They pretend to be
everyone from recruiters and human resources professionals to department
managers. Some criminals work alone while others team up to pull off more
elaborate schemes. One may pose as a recruiter and then pass you off to the
supposed “hiring manager” for the position.

Some of these criminals really like to go the extra mile to
sell their scam. They may opt to send their victims an employee contract and
request standard employment application information — SSN, driver’s
license info, direct deposit information, etc. They also may “require” payment
for costs associated with running background checks and screenings — which, of
course, they’ll be happy to reimburse in your first paycheck. (Red flags,

But why go to all of this trouble? They want to convince
their victims that they’re legitimate and that their fake jobs are as well.
This makes it easier for them to get victims to provide their PII, or to get
them to buy something under the guise of it being part of the application
requirements. This could include buying gift cards or purchasing fake
certification courses at a discount.

Once the cybercriminals have convinced their victims that
their scam is real and they get the info they want, they’ll drop the job
seekers like hot potatoes and will disappear.

So, how can you tell fake jobs from real ones?

How to Identify Fake Job Listings

There are a few ways that you can identify fake jobs. As discussed
just moments ago, it’s clear that cyber criminals running these scams often
request the same types of information as legitimate employers. However, there
are several indicators the IC3 says you can use to distinguish
fake jobs from real ones:

  • “Interviews are not conducted in-person or through a secure video call.
  • Interviews are conducted via teleconference applications that use email addresses instead of phone numbers.
  • Potential employers contact victims through non-company email domains and teleconference applications.
  • Potential employers require employees to purchase start-up equipment from the company.
  • Potential employers request credit card information.
  • Job postings appear on job boards, but not on the companies’ websites.
  • Recruiters or managers do not have profiles on the job board, or the profiles do not seem to fit their roles.”

Additional things to keep an eye out for are ads saying they have “undisclosed”
government jobs.

How to Protect Yourself as a Job Seeker from Fake Jobs

Have you seen a potential fake job listing or are worried that you’ve been scammed? has some helpful information about what job scams look like. The site also provides additional information about what you should know and do if you’re a victim and have already lost money to such a scam.

Otherwise, you can:

  • Do your research. Contact the prospective employer directly to verify whether the listed position is available.
  • Never pay in advance. If someone is trying to charge you for information about a job or requires some type of payment to apply or interview for it, run the other way. It’s a scam.  
  • Inform the Federal Trade Commission. File a complaint with the FTC to inform them about the scam.
  • Get help with identity theft. If you’ve found yourself in the position of having your PII used by a scammer, you can find official resources on how to report and recover from identity theft.

How to Protect Your Business from Being Used in Employment Scams

So, what can you do to protect your organization’s name and
reputation from these types of scams?

Contact Law Enforcement

The Federal Trade Commission recommends that businesses that believe they’re the victim of an impersonation scam report the scam to the FBI’s IC3. They also suggest you encourage job seekers to forward any related emails to the Anti-Phishing Working Group (APWG).

Funnel All Applications Through Your Website

Encourage users to only apply for jobs on your official
website. If you post job listings on any job boards, be sure to include that
information in the job postings as well.

Assert Your Identity on Your Website

Every website should use SSL/TLS certificates to ensure that
any transactions are made via secure, encrypted connections. The additional
benefit of using an organization validation (OV) or extended validation (EV)
SSL certificate on your website is that it helps you to assert your
organizational identity. This way, job seekers and customers alike know that
you’re you and not an imposter.

Graphic: Certificate info helps you assert identity
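
To make the OV/EV point concrete, here is an added example (not code from the original post) that reads the subject of a site's certificate and reports whether a CA vetted an organization behind it. The host name, the organization "Example Corp" and the sample certificates are constructed, and the DV/OV/EV split is a heuristic based on subject fields only.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a site's leaf certificate (chain and hostname are verified)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten the nested RDN tuples of cert['subject'] into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def validation_level(cert):
    """Heuristic: DV subjects carry no organizationName; EV subjects also
    carry businessCategory and serialNumber (the registration number)."""
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"  # proves control of the domain only, not who runs it
    if "businessCategory" in subject and "serialNumber" in subject:
        return "EV"
    return "OV"

def asserts_identity(cert, expected_org):
    """True only if the CA vetted an organization and it is the expected one."""
    org = subject_fields(cert).get("organizationName", "")
    return bool(org) and org.casefold() == expected_org.casefold()

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
DV_CERT = {"subject": ((("commonName", "careers.example.com"),),)}
OV_CERT = {"subject": ((("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "careers.example.com"),))}
EV_CERT = {"subject": ((("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("countryName", "US"),),
                       (("organizationName", "Example Corp"),),
                       (("commonName", "careers.example.com"),))}

if __name__ == "__main__":
    for name, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("EV", EV_CERT)):
        print(name, validation_level(cert), asserts_identity(cert, "Example Corp"))
```

Organization names are not unique across jurisdictions, so compare the country and locality fields as well before trusting a match.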

Google Your

Research job ads listing your organization’s name on Indeed,
LinkedIn, Glassdoor, Monster, and other major job websites. Ensure that any job
listings you find are genuine and report any that aren’t. You can take this a
step further and search Google (or your preferred search engine) in general for
additional job listing locations.

Notify Job Seekers About the Scam

If your organization is the victim of an impersonation
phishing scam for fake jobs, be sure to add a notification to your website’s
home page that warns users about the fraudulent activity.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane.