Cybercriminals are looking to make the most of job-seeker desperation.
There are lots of jobs offered online that promise a good salary and benefits, flexible hours, and the chance to work from home with no prior experience necessary. The thing is, most of them are scams.
Cybersecurity experts believe job frauds are on the increase, fueled by recent layoffs in IT and other sectors.
Falling for the frauds can have huge implications. Job searchers stand to lose valuable funds at a time when they can least afford it, along with their most personal information, perhaps setting them up for identity theft or other sorts of fraud down the road.
Many people know to be automatically suspicious of job pitches that come in the form of unsolicited emails and texts, but scams are also showing up on job sites like LinkedIn, or as posts to Facebook groups and other social media, giving them a veneer of false legitimacy that makes them more likely to dupe job seekers.
Meta, the parent corporation of Facebook, didn't reply to several requests for comment for this article.
Meanwhile, when things are difficult, individuals are more prone to dismiss what may normally seem like clear red flags, said AJ Nash, vice president of intelligence at the cybersecurity startup ZeroFox.
"They're preying on individuals who are incredibly eager or really needy," Nash said, stressing that in addition to the newly unemployed, recent college grads might also be targets. "Some folks are simply going to suspend their disbelief."
Often, the fraudsters may ask for money to pay for application fees or start-up equipment, or sensitive private information like Social Security numbers to put the job-seeker on the payroll or complete a background check. It's nearly always a fraud, Nash added.
The continuing trend toward remote work, and in many instances remote employment, has also made it easier for these sorts of frauds to grow, said Steve Grobman, senior vice president and chief technology officer at McAfee.
Fake firms were simply easier to recognize when individuals applied for positions in person, he said. Scammers can't construct a full-blown, in-person office atmosphere, but it's not hard to copy a legitimate company's website and conduct interviews through Zoom.
With the less complex schemes, emails, SMS and other communications may be blasted out by the millions, Grobman added. Many of them will be caught by spam filters, or quickly deleted by the individuals who receive them, but a few will undoubtedly get through and be responded to.
"I believe a lot of it is a numbers game," he added. "There doesn't have to be a high success rate for the criminals for it to be beneficial for them."
What's possibly more terrifying are the more targeted scams where hackers research a job-seeker's past and skills, then reach out to them personally via a big employment site like LinkedIn, typically using a phony account that impersonates a recruiter or a legitimate organization.
While security experts normally encourage social media users to keep their accounts private, confining their circle of "friends" to individuals they really know and limiting the amount of personal information that they publish, that simply doesn't work when it comes to networks like LinkedIn.
By design, such platforms encourage users, particularly if they're actively seeking a job, to publish reams of data about their work histories and to build connections with those they've worked with in the past, or who work in the same field.
That offers attackers enough to work with, Nash said.
"The more we connect on LinkedIn and other profiles, the more attentive we have to be," he said, adding that although LinkedIn works extremely hard to keep fraudsters and phony identities off its network, it confronts a never-ending game of Whac-a-Mole.
In a statement to CNET, Oscar Rodriguez, LinkedIn's vice president of trust, privacy and equity, stated that the company is continually investing in innovative tech solutions aimed at keeping its members secure, noting that there has been scam activity throughout the internet over the previous few months.
"We have the technology, including artificial intelligence systems, and teams of professionals to block the bulk of fraudulent activity before you ever see it," he added.
Rodriguez pointed to the recent rollout of new features focused on user safety, including the ability to verify whether an account has a confirmed phone number or email, making it simpler for users to recognize and avoid suspicious job listings.
LinkedIn also noted in its most recent transparency report that during the first half of 2022 its automated defenses managed to spot the vast majority of fake accounts (16.4 million) when cybercriminals attempted to register them, with another 5.4 million proactively restricted by its tech and staff before they were reported by users. In total, only 190,000 bogus accounts were reported by LinkedIn users throughout the six-month period.
In the past, those kinds of targeted scams have been tough for cybercriminals to pull off thanks to the large amount of time and effort required, but both Nash and Grobman expressed concern that the rise of artificial intelligence software like ChatGPT could change that, allowing cybercriminals to create customized and extremely believable fake profiles, posts and messages at a massive scale.
Regardless, Nash said he expects these sorts of frauds to continue to proliferate until the job market comes around. In the meantime, job searchers need to be prepared to accept that a lot of the "amazing possibilities" they'll come across are really fakes.
"The earlier we can accept it, the faster we can go on to the next job," he remarked.
Tips for recognizing employment frauds
Be careful of unsolicited offers. Yes, reputable firms reach out to prospective applicants via employment sites like LinkedIn, but they're generally not going to send you a random email, text or Facebook message. If a job's compensation, benefits and other advantages seem too good to be true, or if they're promoting a position that you're not remotely qualified for, walk away.
Verify who you're working with. No matter how the offer arrives, be sure that the individual reaching out to you is who they claim to be. If they claim to be a recruiter for a firm, contact the company's human resources or recruitment department to be sure, Nash said. Don't worry, they won't be insulted or punish you for being cautious.
Check to make sure that the position is likewise advertised on the company's website, Grobman advised. When you do apply, submit your information directly to the employer, rather than to the recruiter or a third-party site.
Check out the firm, too. It's not hard to build a realistic phony website, along with profiles on employment and social networking sites. If you've never heard of the firm, make sure they're registered in the state they claim to be in, Nash said.
If a company doesn't want to at least conduct a Zoom interview and only communicates via email or messaging systems, it's likely a fraud, he said.
Ideally, go visit the company's premises, Grobman added. But even if the whole process is online, the firm should still have you speak with a number of individuals that you can verify online and cross reference with information on the company's website.
Requests for money are a significant red flag. Legitimate organizations won't ask you to pay an application fee, or charge you for equipment before you can start work, Nash added. It's probably an attempt to acquire your money or credit card information.
Be careful with your Social Security number. Scammers may suggest they require it for a background check or to get you on the payroll. Never hand it over until you have a job offer in hand and know that you're working with a legitimate organization.
Official papers should be delivered using software like DocuSign, Nash added. If someone asks you to fax your information, it's usually a scam.
There's no need to rush. The employment process can often be a lengthy one, so be wary of any organization that appears to be in a hurry and is pressing you to hand over information or money. Companies that seek to recruit you without at least one formal interview typically aren't authentic, Grobman said.
Limit what you disclose online. Remember when people used to put their phone numbers and home addresses on their resumes? If you're still doing it, don't, Nash said. If there's an outdated version of your CV uploaded to a job site you don't use anymore, take it down.
On services like LinkedIn, only accept connection requests from individuals you genuinely know, Grobman added.