🔎 A Guide For Combatting Employment Offer Scams

Author(s): Christian Scott

💡

It’s an unfortunate reality that malicious actors do not just target companies but also unsuspecting individuals that are in the process of searching for a new career via Employment Offer Scams. Furthermore, when someone is career searching they are particularly vulnerable to social engineering due to the fact that they enthusiastic and open to new opportunities.

Employment or Offer scams are usually a form of advance fee fraud where unscrupulous persons posing as recruiters or employers offer attractive employment opportunities that require the job seeker to pay money in advance or will offer to hire an individual to steal their personally identifiable information including the applicant’s social security number which can then be used for Identity Theft. Scammers are known to steal the names of legitimate businesses and organizations to trick job seekers into divulging personal information and cheat them out of money.

👩‍💻 Important Tips For Job Seekers:

Don't pay for the promise of a job. Legitimate employers, including the federal government, will never ask you to pay to get a job. Anyone who does is a scammer.
Websites that catalog job openings can’t easily verify the legitimacy of every single opportunity. If you see a job on a job board, go directly to the company’s website to see if the job is also posted in their careers section. If it isn’t, this is a good sign the post is not legitimate. If you are still skeptical, call the business to verify the opening.
Has a recruiter emailed or messaged you directly? If their email is from a generic domain (e.g., not from a corporate domain), ask them to email you from their corporate email address. Check to ensure the corporate email matches the website. Some scammers will spoof a legitimate email with minor variations to fool victims. Do your research on the recruiter.
Search for the job online - If a job looks suspicious, search for it on Google. If the exact same job posting comes up in many other cities, it may well be a scam.
Look for errors: Scam job postings often contain grammatical errors, misspellings and an overabundance of exclamation marks.
Keep private information private – Avoid job listings that ask you to share personal information or to send money.
Do not click on unsolicited links in emails, social media messages, text messages, etc. Confirm any links, especially those collecting sensitive information, were intentionally sent by the hiring company. Resist the urge to act quickly, especially when receiving and sending money.
Scammers often ask for money to pay for running a credit check, setting up direct deposit or paying for training. Never bank on a “cleared” check. No legitimate potential employer will ever send you a check and then tell you to send on part of the money, or buy gift cards with it. That’s a fake check scam. The check will bounce, and the bank will want you to repay the amount of the fake check.

Resources:

→ StaySafeOnline - Job Search Security

→ FTC Job Scam Tips

🏢 Important Tips For Employers:

🔎 Proactively Monitor Your Company’s LinkedIn Account

It’s important to make sure no one outside of your organization is claiming to be working at your organization, especially on LinkedIn. It's fairly common for malicious actors to set up fake LinkedIn profiles associated with an org they are impersonating. If you

→ Report a Fake LinkedIn Company

→ Report a Fake LinkedIn Profile

→ Report Inaccurate Information

🌐 Proactively Monitor Your Company’s Domains for Homograph Phishing Attacks, Typo Squatting, and Brand Impersonation

Be sure to proactively monitor all of your company’s domains with a tool like DNSTwist (free and open source) to look for any domains that may be trying to impersonate your company’s brand which could be leveraged for social engineering.

→ DNSTwist Search

→ DNSTwist on Github

📣 Proactively Inform Job Seekers

Proactively list on your Careers page a reminder of where the legit careers site is (and the job application process) and to be weary of malicious actors impersonating employers to still candidates' sensitive information. It’s helpful to point job seekers to the below resources.

Resources:

→ StaySafeOnline - Job Search Security

→ FTC Job Scam Tips

🔥 How to Respond To Brand Impersonation Attempts

Report The Malicious Actor To US-CERT:

It provides information on where to send a copy of the email or the URL to the website so that they may be examined by experts. It also includes links with details on phishing scams and how to recognize them and protect yourself. https://www.cisa.gov/uscert/report-phishing

Report The Malicious Actor To The Anti-Phishing Working Group (APWG):

Unlike US-CERT, antiphishing.org features a text box in which to copy and paste the contents of the suspicious email you have received, including the header as well as the body of the message. http://antiphishing.org/report-phishing/

Report The Malicious Actor To The Internet Crime Complaint Center (IC3):

Make sure you have all the information needed before filing a complaint, they will ask for information about the victim, whether there was a financial transaction, and of course, any info you have about the sender. https://www.ic3.gov/default.aspx

Report The Malicious Domain To The Domain Registrar:

Google has a helpful resource for report domain abuse. https://support.google.com/domains/answer/10093434?hl=en
NameCheap has a fantastic guide for reporting malicious domains to the domain registrar. https://www.namecheap.com/blog/how-to-report-a-fraudulent-website-to-a-registrar/

🎙️Communicate To Affected Job Seekers

How your team responds to people affected by these malicious actors is important for community security awareness. Create a solid message template like the one below that can help your team handle these situations in a delicate and informative manner. Be sure to arm your hiring managers and HR folks with this information.

✍️

"We appreciate you reporting that someone is maliciously masquerading on the internet as our organization.

We will be reporting the associated malicious email address to the Internet Crime Complaint Center(IC3) so that the email account / domain can be taken down. As you might be aware, it is very easy for malicious actors to impersonate successful companies, so it is always important to make sure you're looking at job postings with trusted sources, our organization does have many positions open, and they are posted on <JOB APPLICATION SITE>.

We also recommend reviewing the Job Search Security Tips provided by the National Cyber Security Alliance to best protect yourself in your job searching process.

https://staysafeonline.org/resource/job-search-security/

Please do not hesitate to reach out if you have any other questions or concerns. We wish you the best as you look for new career opportunities. Thank you."

Copyright 2023 Enclave Regenerous. Unless otherwise stated, all of our work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Simply put, please share it, provide attribution and if you remix it then share generously with others. The work of others that is featured on this site is always provided with attribution and is not directly monetized.

Disclaimers:

The opinions expressed here are respectively our own and do not reflect the views of our organization or anyone else unless quoted verbatim.

We try our best to provide helpful insight to folks but there is no warranty to completeness of anything we create or post here; so please be sure to always do your own research.