As ProPublica has reported, cybercriminals are flooding the internet with fake job ads and even bogus company hiring websites whose purpose is to steal your identity and use it to commit fraud. It’s a good reminder that you should vet potential employers as closely as they vet you.
Here are ten tips on how to spot such scams:
One of the ways criminals entice people is by advertising unusually generous pay. If the salary being offered in a job ad is way above what you see in other ads for similar positions, be wary. You can get an idea of average weekly earnings by industry using the Quarterly Census of Employment and Wages or check out salary calculators on websites such as Glassdoor.
Sometimes cybercriminals obtain the contact information of people who have submitted their résumés to job-seeking websites and then email them to say they are preapproved for a job.
These are bogus messages whose main purpose is to get people to share additional information, which the scammers will use to commit fraud. The emails may also include malware that can infect your computer. Ignore such messages and don’t open any attachments.
Ads that demand you share your driver’s license or Social Security number as part of an initial application, or very soon after, are a significant red flag. Legitimate employers rarely request such information until much later in the hiring process.
Cybercriminals sometimes reuse the same job ads over and over, posting them on LinkedIn, Facebook, and other online platforms with only slight modifications. If you spot an ad that features virtually identical language to that used by various employers all over the country, it could be a scam.
Cybercriminals are creating fake profiles on LinkedIn and Facebook meant to resemble individuals at real companies who are posting job ads. One clue: a person claiming to work for a company in the U.S. while showing check-ins at locations in other countries.
When in doubt, contact the companies directly to ask if they’re actually recruiting for the positions. If they’re not, report the suspect profiles to LinkedIn and Facebook.
When you vet companies, be aware that cybercriminals sometimes steer potential applicants to fake websites they’ve created that mimic the sites of real companies — except that, say, an extra letter has been added to the company’s name.
When job applicants can’t spell a company’s name right in a cover letter, recruiters are apt to toss those applications in the trash. Do the same with any companies that seemingly can’t spell their own names.
The pandemic has made it necessary for many employers to conduct job interviews remotely via services like Zoom. But be cautious of hiring managers who insist on communicating only by email or text or using messaging platforms such as Telegram to conduct interviews.
Sooner or later, a real employer will want to see and interact with a recruit, whether through a video call or in person. Cybercriminals typically don’t want you to hear their voices or see their faces, since it raises the chances you’ll realize they’re not who they say they are.
A real employer doesn’t need to know your credit card number, credit score, or phone account login to process your job application. Cybercriminals sometimes ask for such information up front to commandeer your phone and finances, often under the pretense of needing to set you up with a company phone plan or purchase equipment you’ll need to do your job (see next item).
Beware of companies that, before you’re hired, offer to send you a check to purchase a computer or other equipment. It’s a variation on an old scam that involves criminals asking marks to send their own money to some third party with the promise that they will reimburse the marks. Inevitably, the reimbursement doesn’t come through, and the mark is left holding the bag.
If at any point in the job application or interview stage something feels wrong to you, don’t ignore the feeling. Ask yourself if you see any of the warning signs outlined above. Or pause and ask a trusted friend or relative for a reality check.