FBI’s Internet Crime Complaint Center (IC3) has issued a warning against scammers trying to steal money as well as personal information by running phishing campaigns targetting job seekers. The campaigns are being run using fake advertisements posted on recruitment platforms,
According to the FBI, the average reported loss per victim is around $3000 since early 2019. Many victims also said that their credit scores were impacted negatively by the scheme.
The FBI has given out a list of recommendations and precautions for employers and job seekers alike while also adding identified instances of threat actors impersonating companies and posting illegitimate jobs on networking sites.
This isn’t the first time the FBI has issued a warning against these kinds of frauds. A similar warning was issued in January 2020, stating that criminals were spoofing companies’ sites to steal money from job applicants and personally identifiable information.
Scammers can easily add credibility to fraudulent posts by using publicly available information from a legitimate business, threatening reputational harm to the businesses in question and financial loss to job seekers.
Recruitment websites lack strong verification standards, allowing scammers to create job listings that impersonate legitimate companies easily.
According to the FBI, “fraudulent job listings include links and contact information that direct applicants to spoofed websites, email addresses, and phone numbers controlled by the scammers where the applicant’s personal information can be stolen and then sold or used in additional scams”.
The following recommendations were also issued for job seekers:
- Verify job openings by contacting the HR representatives at the company directly.
- Sear results for a hiring company that return multiple websites can be fraudulent listings.
- Don’t provide credit card, Social Security, or other PII before being hired. Legitimate companies only ask for PII and banking related information after hiring employees. Additionally, this information is safer to exchange in-person.
- Don’t send money to someone you’ve met online, especially via wire transfer.
- Before entering any PII online, check to see if the site is encrypted by noting the URL. It should begin with ‘https://’ and not ‘http://’.
In the News: CSVs and Excel can now deploy BazarBackdoor on your PC