With millions of Americans looking for work or working from home due to the novel coronavirus (COVID-19) crisis, the FBI has seen an uptick in fake job and hiring scams from opportunistic cybercriminals.
Fraudsters have been leveraging their purported positions as faux “employers” to persuade victims into believing they had a new job in an effort to steal their personal information or to get them to send money.
According to the FBI, “fake job scams have existed for a long time but technology has made this scam easier and more lucrative. Cybercriminals now pose as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards.”
The scam involves fraudsters conducting false interviews with applicants, who then request personal information or money that can be transferred to a private location.
Criminals first spoof a legitimate company’s website by creating a domain name similar in appearance to a legitimate company, the FBI said. They then post phony job openings on popular job boards that direct applicants to the spoofed sites.
Applicants can apply on the spoofed company websites or directly on the job boards. Applicants are then contacted by email to conduct an interview using a teleconference application.
According to victims, cybercriminals impersonate personnel from different departments, including recruiters, talent acquisition, human resources, and department managers.
Victims will then later be offered jobs, where the applicants can work from home. In order to appear legitimate, the fraudsters send victims an employment contract to physically sign, and also request a copy of the victims’ driver’s licenses, Social Security numbers, direct deposit information, and credit card information.
According to the FBI, since 2019, victims have reported numerous examples of this scam to the FBI, with the average reported loss at nearly $3,000 per victim, in addition to the damage to the victims’ credit scores.
"While hiring scams have been around for many years, cybercriminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity,” the FBI noted. “Criminals often lend credibility to their scheme by advertising alongside legitimate employers and job placement firms, enabling them to target victims of all skill and income levels.”
The FBI offered tips to help avoid becoming a victim of a job scam:
- Conduct a web search of the hiring company using the company name only. Results that return multiple websites for the same company (abccompany.com and abccompanyllc.com) may indicate fraudulent job listings;
- Legitimate companies will ask for PII and bank account information for payroll purposes AFTER hiring employees. This information is safer to give in-person. If in-person contact is not possible, a video call with the potential employer can confirm identity, especially if the company has a directory against which to compare employee photos;
- Never send money to someone you meet online, especially by wire transfer;
- Never provide credit card information to an employer;
- Never provide bank account information to employers without verifying their identity;
- Never share your Social Security number or other PII that can be used to access your accounts with someone who does not need to know this information;
- Before entering PII online, make sure the website is secure by looking at the address bar. The address should begin with “https://”, not “http://”;
- However: criminals can also use https:// to give victims a false sense of security. A decision to proceed should not be based solely upon the use of “https://”.
Click here to sign up for Daily Voice's free daily emails and news alerts.