Perry Carpenter is Chief Evangelist for KnowBe4 Inc., provider of the popular Security Awareness Training & Simulated Phishing platform.
Threat actors are constantly devising new tactics to commit fraud and threaten the security of people and organizations. The employee recruitment and hiring process is no exception. To fraudsters, it represents just another opportunity for scammers to gain unauthorized access to sensitive information.
Whether you’re actively seeking a new job or open to career opportunities, it’s important to recognize the potential for fraud in hiring that could put personal information at risk. This fraud comes packaged in various forms, such as:
• Fake job postings. They may look legitimate, but they’re designed to fool people into revealing personal information—or even paying a fee for some aspect of the recruitment process.
• Phishing emails. Emails requesting you to provide personal information during the hiring process. Legitimate employers will not ask for information like your Social Security Number before you’re hired.
• Requests for personal information once you’ve connected with a “recruiter.”
Like all things, if it seems too good to be true, it probably is. Even at times when things may seem plausible, you need to approach this process with a high degree of scrutiny. Realize that you may be in a more heightened and open emotional state than usual as you dream about your next opportunity.
The Employment Scam Landscape
While employment scams can be traced back more than a decade, they’re becoming more prevalent and more pervasive, as technology has evolved to allow for things like deep fake audio and video or the ability for someone to pretend they’re somebody else in the digital realm.
In 2019, for example, cyber criminals got creative setting up social media company pages pretending to represent large defense contractors. Defense contractors recruit people with security clearances—people whose personal information is obviously highly valued and prone to misuse if fallen into the wrong hands.
In April 2021, the FBI issued a bulletin warning that “cyber criminals are using fake job listings to target applicants’ personally identifiable information.” Why? Because “criminals leverage their position as ‘employers’ to persuade victims to provide them with personally identifiable information, become unwitting money mules, or to send them money.”
These scams are fairly widespread. LinkedIn’s recruiting platform is widely used by honest recruiters and potential employees. Unfortunately, not all of those recruiters are real. Between January 1 and June 30 of last year, the platform detected and removed 21 million fake LinkedIn profiles.
These bad actors—and there are plenty of them—also use techniques like literally copying the careers pages of well-known companies. As with email phishing attempts, though, if you look closely at the URLs of these bogus websites, you can often see they are different from the company’s genuine website.
Keeping Yourself Safe
Let’s look at some common red-flag scenarios you might find yourself in while on the job market:
• You’ve been approached by a recruiter who says that you’re a great candidate for the job and you just need to complete a few tests. But first, you need to purchase a laptop. “Just click on this link…” Do not click the link.
• Or, they may say, just pay for this certification and you’ll get the job. No, again.
• Or, perhaps something as seemingly innocuous as asking for your home address or information about your family. And, of course, any recruiter or potential employer who asks for your Social Security number or bank information should get a firm “No.”
What can job seekers do to protect themselves? Here are five simple steps:
• Examine the email address of anyone who approaches you. Does it use the same format/nomenclature as the genuine company website?
• Go to the company’s website and search for the person who alleges an affiliation with the business they claim to represent.
• Keep a spreadsheet of all the jobs you’ve applied for so that you can verify if you are approached by someone who says, “You applied for a job with our company.”
• Cultivate a network of trusted recruiters—people you can go to for their perspective on the validity of any offers or inquiries you receive.
• Ask for a second opinion from a friend or someone you trust. Do they see any red flags? It’s amazing how much perspective you may be able to get from someone who isn’t as emotionally invested in the outcome as you are.
Employment scams aren’t going away any time soon. As the world of remote and hybrid work continues, and as technology continues to advance and evolve, fraud in hiring is likely to increase.
Awareness of these types of fraud is always the logical first step. Stay alert. Do your research. Ask questions and be mindful of anything that seems suspicious or a bit “off.”
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
Read the full article here