During the ongoing pandemic, we’re not just facing unprecedented health challenges, we’re now forced to deal with those who view this situation as an opportunity to carry out fraud and scams against susceptible people and organizations. These scams often aim to collect personally identifiable information and steal money from the victims.
Malicious actors take advantage of the social and job market volatility and target individuals looking for work-at-home employment opportunities. People searching for jobs on employment websites, such as Indeed.com, are prime targets.
An attack that has become more prevalent over the past few months has an imposter pretending to work as a company representative looking to recruit employees who want to work remotely. The imposter posts a fraudulent job listing and uses contact information from the victim's resume to either text or email the victim about setting up an online interview. They set up a virtual interview and conduct it via chat, which can result in an offer to work from home for a targeted company with an attractive salary. The imposter then asks the victim to sign an offer letter as well as complete tax forms. Finally, the imposter tells the victim they will need to purchase supplies required to work from home totaling around $700. After receiving the money, the imposter ends all contact with the victim.
A typical text message exchange might go as follows:
Scammer (posing as company recruiter): Hello, good day. Is this [victim’s name]?
Victim: Hi, who’s this?
Scammer: This is [name of legitimate company recruiting executive]. I am contacting you in regard to your resume. We are in search of hardworking and smart individuals for recruitment. All remote positions offer flexible work hours. Let me know if you are available for an online interview.
Victim: I am interested, and I would love to do an online interview. Is tomorrow a good day for that?
Scammer: I will send an invitation for you to join me in a private online meeting room for an interview. Let me know if you are ready to proceed.
Once the victim gets lured into the “interview,” the scammer messages the victim with a series of fake (but seemingly legitimate) interview questions and requests brief answers. Only later, after a job offer is extended, will the scammer ask for money.
The scammers are resourceful, clever and extremely good at making these communications look legitimate. While there are variations of this scam, the following common red flags have been seen:
- Requests for money as a hiring condition or in exchange for supplies.
- Reference a job that only appears on one site and cannot be matched to a requisition posted to the careers site of the company in question.
- Sent from a web-based email address, such as @gmail.com or @hotmail.com -- not a business email address.
- Limited to electronic communications (text, email) – no phone calls, video chats or in-person meetings.
- Provide employment offers that include starting salaries, benefits, and flexible working hours that sound too good to be true.
Anyone seeking employment at this time should stay alert for these red flags. Companies can take a number of steps to protect themselves and the victims of these scams, including:
- Once made aware of instances of the scam, immediately reach out to known victims to warn them of the scheme and gather relevant information.
- Notify platform providers to request that the identified accounts be shut down.
- Report all of the activity to the FBI’s Internet Crime Complaint Center.
- Place warning banners on external facing sites that clearly state procedures your company and partner recruiting firms use for contacting prospective employees.
- Encourage candidates to be cautious when sharing personal information over the internet.
- Share the information with recruiters for awareness.
- Run targeted searches online to identify unauthorized job listings.
- Put the word out to existing employees. Ask them to report any instances of a fraudulent job listing scheme they encounter or hear about.
Unfortunately, these activities are likely to increase given the shift in at-home work opportunities caused by the pandemic. Let’s take the time to do our part. We all must remain vigilant to keep our people and companies safe.
Alicia Lynch, chief information security officer at Science Applications International Corp.