At the onset of the COVID-19 pandemic in early 2020, as the world panicked about how the future looked, so too did businesses. With 15% of adults in the U.S. laid off as a result of the pandemic, and many more millions around the world, cybercriminals sensed an opportunity to prey on those that were already desperate and vulnerable, and consequently job scams increased in popularity.
Otherwise known as employment or recruitment scams, job scams come in all shapes and sizes. Most commonly, the scammer will post a fake ad on job boards, often masquerading as a legitimate company, and offer perks such as high pay or commissions, remote work, and with little or no experience required. Sometimes the advertised positions are fronts for money laundering schemes, where individuals receive a payment and are told to transfer the funds to another bank account in exchange for a commission. In other cases, the scammer is looking to steal personal information, such as licence or passport details, and the victim may be told they need to make an initial investment or pay for resources upfront and receive nothing in return.
In the midst of “The Great Resignation” and the growing trend of “quiet quitting”, the world is witnessing an unprecedented shift, with many employees valuing work-life balance and job fulfilment above financial reward. Although this revolution began in early 2021, a recent study shows there are no signs of it slowing down, with one in five of the 52,000 respondents declaring they are extremely or very likely to switch employers in the coming year. While no individual should put up with inadequate working conditions, this movement is leaving many job seekers vulnerable to the threat of job or HR related scams.
In February 2022, the Federal Bureau of Investigation (FBI) released a public service announcement warning of such scams. The announcement cautioned that “scammers lend credibility to their scheme by using legitimate information to imitate businesses, threatening reputation harm for the business and financial loss for the job seeker.” They further added that since early 2019, the average reported losses from job scams were nearly USD $3,000 and many victims credit scores were also negatively impacted – costs that jobseekers generally can’t afford. Australians are also increasingly falling victim to these scams. From January to July 2022, Australians lost more than $4.37 million to job and employment scams, a 113% increase on the same period in 2021.
As is often the case with scams, the most vulnerable segments of the community are targeted. In the case of a job seeker scam, that can include university students. Relatively inexperienced and desperate to land a role that will start them off on their career trajectory, they can be more anxious and naive about the hiring process. Attacks targeting them are becoming increasingly prevalent.
In one such recent example, a post went viral on LinkedIn in which Narisa K explained that she had received an email in her university inbox asking her to interview for a Remote Product Design Manager role at the software company Splunk. The email explained that they had reviewed Narisa’s profile on AngelList and that her skills and experience would make her a great fit. Clearly flattered and excited to be approached, Narisa applied and was granted an interview on Skype chat. It went well, and days later she received an offer of employment, as well as a contract, background check authorisation, direct deposit form, and a copy of her driver’s license.
Narisa was given a temporary email address and informed that she would “be given company funds to purchase an iPhone 13 Pro, an Apple Watch Series 7, and Microsoft Business Standard”, which she was instructed to purchase using her own credit card and to send the items to their address so that the company could add the necessary software. Fortunately, after sending the items off, alarm bells began to ring and Narisa reached out to a member of Splunk’s HR department via LinkedIn, who confirmed the job offer was a scam.
Throughout the process, the scammers adopted language and personas that were familiar to Splunk, increasing the apparent legitimacy of the process. They called Narisa a “Splunker”, and used the names and profiles of legitimate Splunk employees, so Narisa was justifiably fooled in what she described as an “elaborate, calculated, and targeted crime”. In the cybersecurity industry, heavily tailored campaigns that employ social engineering to research and customise the approach to a specific victim, are referred to as ‘spear phishing’. They play on the psychology of the target, and sadly Narisa’s case isn’t a one-off.
With the shift towards working from home, either remote or hybrid, as many businesses have embraced in the past two years, individuals have become more comfortable with communicating via instant messages, video chats & online meetings. It’s not even uncommon to conduct meetings with cameras off. And while this new reality is great for those that roll out of bed, straight to work at their laptop, it’s even better for scammers who operate with relative anonymity, often faceless, and even voiceless.
Scammers are now armed with an arsenal of tools to launch these targeted recruitment attacks. It’s not uncommon for conversations to be initiated over LinkedIn, or as was the case for Narisa, scammers reached out via SMS and email with information they obtained through websites such as Angel List, where jobseekers can list their skills, preferences and contact information in the hopes of finding their “dream job”. While many would be quick to question a request for a chat-only interview, those with little-to-no work experience may accept this as a post-pandemic workplace reality.
If you’re in the market for a job, or if you’ve been contacted with an offer that almost seems too good to be true, here are some warning signs that may indicate fraud:
- Poor grammar in the job ad or communication
- Request for money (application fees, taxes, purchasing of equipment)
- Request for personal information in early stages of the recruitment process
- Offer of employment without a face-to-face interview
- Use of emails from free email accounts (Gmail, Outlook)
If you’ve fallen victim to recruitment fraud, or had a near-miss, visit: Have You Been Scammed? Here’s Where to Report It
Talk to us
Talk to a MailGuard solution consultant today about securing your company's inboxes. You can get in touch with us by calling +61 3 9694 4444, or by emailing us at info@mailguard.com.au.
Existing MailGuard partners and clients can reach out to us here:
Australia - please call us on 1300 30 65 10
US - call 1888 848 2822
UK - call 0 800 404 8993
