Scam of the Week: Cybercriminals Target Job Seekers Using Spoof Websites

January 31, 2020 10:09 am Natasha Deeney

Job seekers are being warned about fake job listings on spoof company websites. While hiring scams have been around for many years, cybercriminals are using increasingly sophisticated methods to trick victims with fake company websites, to harvest their personal information and steal money.

We’ve all heard the phrase ‘if it’s too good to be true then it probably is’ but when you’re focussed on getting a new job, there’s a desire to believe that all details are legitimate. This is what the fraudsters rely on to manipulate people’s emotions and exploit unwitting victims.

Last year, job scams and employment fraud totalled nearly $1.7 million, up from the 2,841 reports in 2018, with financial losses totalling more than $1.5 million. Figures from SAFERjobs, a not-for-profit e-crime organisation, and job site CV-Library have revealed that students and graduates are a particular target for those pretending to advertise and offer employment. In fact, one in three job scam victims currently attend university or have graduated in the last year.

Typically the scam starts with a fake employment opportunity posted on a legitimate job site with a link to a counterfeit company page that impersonates large corporations such as Amazon, Quest Diagnostics and United Nations. The job seeker is then emailed with an offer to participate in a teleconference ‘interview’ from a fake HR department and formally offered a job, usually in a work at home capacity.

In order to add legitimacy, the criminals send victims a contract to physically sign and then request their national insurance number, a copy of their identification and a credit card fee to cover any background checks, which they are told will be reimbursed by their new employer. Of course, this will not happen as there is no job. With this information, the scammers then stop all communication with the victim. The stolen data can then be used to try and impersonate victims, apply for credit cards and bank loans, make medical and unemployment claims and even sell on the dark web.

Recent reports suggest that information such as passport details, payment service logins, and driver license numbers can be sold from anywhere from £1.00 up to £1,000.

How to Avoid Employment Fraud

When it comes to protecting yourself against a scammer’s efforts to trick you into giving away sensitive information, you should follow the below guidelines:

  • Carry out a quick Google search of the company and be aware of any job postings that appear on job boards, but not on the company’s website. Results that return multiple websites for the same company may indicate fraudulent job listings.
  • Only participate in interviews in person or through a secure video call.
  • Be wary of employers making contact using non-company email domains and teleconference applications.
  • Check any documents for poor spelling and grammar – this is often a sign that fraudsters are at work.
  • Only provide financial information such as bank account details after being hired and in person.
  • Never provide your credit card information to an employer.
  • Never share personal information that can be used to access your personal accounts.

MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.