Beware of Job Scams
Here is yet additional information that I wanted to share, and we all should be aware of,?The old "Job Post."?As we move into the hot days of summer and enjoy the weather, the bad guys are still at work. All I can think about are the young adults coming out of college looking to start their careers. Some are doing internships working small jobs at local restaurants, and others are going straight to the job market; it is the career they are looking for. So, where do they turn? When I left college, I went to the wanted ads, yes the wanted ads, called the number, got the interview, and the rest was history. It is a different ballgame today. Here are some excerpts I gleaned from the weekly publication sponsored by the (NJCCIC) New Jersey cybercrime and communications integration cell, of which I am a member and receive their weekly bulletins. This particular publication motivated me to post it so you can all read about the callousness and heartless attempts of bad actors to ruin lives before they get started. Please let your children who go off to seek employment read this. My daughter did. What I got was a wow, dad, thanks, but what's wrong with these people??
So, as we know, job vacancies are advertised on popular online employment boards and websites, in newspapers and other publications, or directly via communications such as email, social media, or SMS text messaging. Threat actors may spoof company websites and post fraudulent job vacancies to pose as legitimate employers. They may also target job seekers with?scams to click links?to fraudulent employment websites. The job seeker opens the attachments falsely labeled as resumes or other employment information. With that, the delivery of malware, stealing funds, participating in illegal activities such as money laundering, or collecting personally identifiable information (PII) that can be used to further commit malicious activity and fraud. Tactics and techniques used in job scams include urgent requests to respond, offers that are?"too good to be true,"?and the impersonation of human resources recruiters, talent acquisition personnel, and department managers.?
?Examples?of job scams include work-from-home or remote work, nanny, caregiver, virtual personal assistant, mystery shopper, job placement service, and government and postal positions. Job scams are increasing, as the?Federal Trade Commission?reported?receiving more than double the number of job scams in 2021 compared to 2020, and more than 16,000 complaints have been filed in the first quarter of 2022.?
The NJCCIC continues to receive reports of job scams targeting individuals in New Jersey, especially students at colleges and universities who may be more open to flexible, remote work opportunities and the promise of quick cash.?Young adults, especially high school and college students and university graduates, typically lack real-world experience in the professional workforce and could be more inclined to fall for job scams.?Threat actors are targeting?new?graduates?or current students seeking?summer?employment?or upcoming fall positions.?In the example above, the job vacancy and subject line convey a sense of legitimacy from a trusted source by claiming to be for a personal assistant position in the fall for the Federal Work-Study Program, despite the "Employment" display name and the Gmail sender email address. Victims who viewed the message on a mobile device saw only the spoofed display name and not the associated Gmail email address; therefore, they may be more inclined to deem the communication legitimate. Additionally, the email includes an attachment containing more information about the alleged position and instructions to respond to an AOL account with their full name, address, phone number, age, and email address. One victim stated that once they submitted their information, they received a text message from an unknown number to confirm their identity. Threat actors can use the submitted information to contact victims and commit further malicious activity and fraud. The FBI?warned?of the use of stolen PII and?deepfakes?to apply for remote work positions, such as information technology and computer programming, database, and software-related job functions with access to PII, financial data, corporate databases, and proprietary information. During the interviews, the threat actors posing as applicants used voice spoofing or voice deepfakes. The visual actions, such as lip movement, were not in alignment with auditory actions.
?The NJCCIC recommends users and organizations reduce victimization by educating themselves and others on these continuing threats and tactics. Users are advised to avoid clicking links and opening attachments from unknown senders and exercise caution with communications from known senders. If a message's legitimacy is unknown, contact the sender via a separate means of communication – such as by phone – before taking any action. Navigate to websites directly by manually typing the URL into a browser instead of clicking on links delivered in communications to ensure you are visiting a legitimate website and verifying the posted job opening. In addition, job seekers are advised to research potential employers and businesses before responding or providing sensitive information. Requests for PII, such as a Social Security number or bank account number for direct deposit, should be considered a red flag when requested at the beginning of the application process. Also, be wary of interviews conducted remotely and over email only. If hired, ask for an employment manual or handbook, as threat actors typically cannot provide these documents. Please review the?Identity Theft and Compromised PII??NJCCIC informational report for additional recommendations and resources, including information on credit freezes and enabling multi-factor authentication (MFA) on accounts.
?I hope this information helps. Have a great summer. Be safe, Steven Crociata!