Scammers Targeting Job Seekers as Layoffs Mount
Cybercriminals are looking to take advantage of the newly unemployed.
Cybercriminals are looking to make the most of job-seek desperation.
There are plenty of jobs posted online that offer generous pay and benefits, flexible hours, and the ability to work from home with no previous experience required. The problem is, most of them are scams.
Cybersecurity experts say employment scams are on the rise, boosted by recent layoffs in the tech and other industries.
Falling for the scams could have big consequences. Job seekers stand to lose precious dollars at a time when they can least afford to, along with their most personal information, likely setting them up for identity theft or other kinds of fraud down the road.
Many people know to be automatically suspicious of job pitches that come in the form of unsolicited emails and texts, but scams are also showing up on job sites like LinkedIn, or as posts to Facebook groups and other social media, giving them a veneer of false legitimacy that makes them more likely to dupe job seekers.
Meta, the parent company of Facebook, didn't respond to multiple requests for comment for this story.
Meanwhile, when times are tough, people are more likely to ignore what might otherwise seem like obvious red flags, said AJ Nash, vice president of intelligence for the cybersecurity company ZeroFox.
"They're preying on people who are really excited or really desperate," Nash said, noting that in addition to the newly jobless, recent college graduates can also be targets. "Some people are just going to suspend their disbelief."
Often, the scammers will ask for money to pay for application fees or start-up equipment, or sensitive private information like Social Security numbers to put the job-seeker on the payroll or do a background check. It's almost always a scam, Nash said.
An example of a fake job listing posted to Facebook.
The continued shift to remote work, and in many cases remote hiring, has also made it easier for these kinds of scams to flourish, said Steve Grobman, senior vice president and chief technology officer for McAfee.
Fake companies were just easier to spot when people interviewed for jobs in person, he said. Scammers just can't create a full-blow, in-person office environment, but it's not hard to duplicate a real company's website and carry out interviews by Zoom.
With the less sophisticated scams, emails, texts and other messages can be sent out by the millions, Grobman said.Many of them will get sucked up by spam filters, or immediately deleted by those who receive them, but a few will inevitably get through and be responded to.
"I think a lot of it is a numbers game, he said. "There doesn't have to be a high success rate for the criminals for it to be lucrative for them.
What's perhaps more frightening are the more targeted scams where cybercriminals will research a job-seeker's background and qualifications, then reach out to them individually through a major job site like LinkedIn, often through a fake account that impersonates a recruiter or a real company.
While security experts generally advise social media users to make their accounts private, restricting their circle of "friends" to people they actually know and limiting the amount of personal information that they share, that just doesn't work when it comes to networks like LinkedIn.
By design, those sites encourage users, especially if they're actively seeking a job, to post oodles of details about their work histories and to make connections with others they've worked with in the past, or that work in the same industry.
That gives cybercriminals plenty to work with, Nash said.
"The more we interact on LinkedIn and other profiles, the more vigilant we have to be," he said, adding that while LinkedIn tries very hard to keep scammers and fake accounts off its network, it faces a never-ending game of Whac-a-Mole.
In a statement to CNET, Oscar Rodriguez, LinkedIn's vice president of trust, privacy and equity, noted that the company is constantly investing in new tech solutions designed to keep its users safe, acknowledging that there has been a scam activity across the internet over the last several months.
"We have the technology, including artificial intelligence systems, and teams of experts to stop the majority of fraudulent activity before you ever see it," he said.
Rodriguez pointed to the recent roll out of new tools focused on user safety, including the ability to see if an account has a verified phone number or email, making it easier for users to spot and avoid sketchy job posts.
LinkedIn also noted in its most recent transparency report that during the first half of 2022 its automated defenses managed to spot the vast majority of fake accounts (16.4 million) when cybercriminals attempted to register them, with another 5.4 million proactively restricted by its tech and staff before they were reported by users. In all, just 190,000 fake accounts were reported by LinkedIn users during the six-month period.
An example of a fake job recruiter profile posted to LinkedIn.
In the past, those kinds of targeted scams have been tough for cybercriminals to pull off thanks to the large amount of time and effort required, but both Nash and Grobman expressed concern that the rise of artificial intelligence software like ChatGPT could change that, allowing cybercriminals to create customized and extremely believable fake profiles, posts and messages at a massive scale.
Regardless, Nash said he expects these kinds of scams to continue to increase until the job market turns around. In the meantime, job seekers need to be prepared to accept that a lot of the "great opportunities" they'll come across are actually fakes.
"The faster we can accept that, the faster we can move on to the next job," he said.
Tips for spotting employment scams
Be skeptical of unsolicited offers. Yes, legitimate companies reach out to potential candidates through job sites like LinkedIn, but they're probably not going to send you a random email, text or Facebook message. If a job's salary, benefits and other perks seem too good to be true, or if they're pushing a job that you're not remotely qualified for, steer clear.
Verify who you're dealing with. Regardless of how it comes, make sure that the person reaching out to you is who they say they are. If they claim to be a recruiter for a company, email the company's human resources or recruiting department to make sure, Nash said. Don't worry, they won't be offended or penalize you for being careful.
Check to make sure that the job is also posted on the company's company's website, Grobman said. When you do apply, send your information straight to the company, rather than the recruiter or a third-party site.
Check out the company, too. It's not hard to set up a convincing fake website, along with accounts on job and social media sites. If you've never heard of the company, make sure they're registered in the state they say they are, Nash said.
If a company doesn't want to at least do a Zoom interview and only communicates through email or messaging services, it's likely a scam, he said.
Ideally, go visit the company's offices, Grobman said. But even if the entire process is online, the company should still have you interview with a handful of people that you can vet online and cross reference with information on the company's website.
Requests for money are a big red flag. Legitimate companies won't ask you to pay an application fee, or charge you for equipment before you can start work, Nash said. It's probably a ploy to get your money or credit card number.
Be protective of your Social Security number. Scammers may say they need it for a background check or to get you on the payroll. Never hand it over until you have a job offer in hand and know that you're dealing with a real company.
Official documents should be sent through software like DocuSign, Nash said. If anyone asks you to fax your information, it's probably a scam.
There's no reason to rush. The hiring process can often be a long one, so be wary of any company that seems to be in a rush and is pressuring you to hand over information or money. Companies that want to hire you without at least one formal interview probably aren't legit, Grobman said.
Limit what you share online. Remember when people used to put their phone numbers and home addresses on their resumes? If you're still doing that, don't, Nash said. If there's an old version of your CV posted to a job site you don't use anymore, take it down.
On platforms like LinkedIn, only accept connection requests from people you actually know, Grobman said.