Constantly Vigilant

It’s a windy August morning in Edinburgh and I'm sitting writing this blog having seen a number of scam warnings from trusted contacts on LinkedIn already today.

The current and very regular one I'm seeing is someone pretending to be an employee of a company (often very large and successful) reaching out to recruitment companies asking for services.

In a tough market it’s often very difficult for recruiters trying to develop new business not to be excited by a "call in" customer asking for help, seemingly very impressive and keen to give you their business.

This scam (which from a cursory bit of research seems very prevalent) is typically a "company" asking for permanent recruitment services, including in some cases, briefing calls with a number of "employees", legitimate looking email addresses and numbers. What often than happens is within a short period of time, a request for a contractor or indeed 3 seems to follow and in most cases, some names of people to try to contact on their behalf to payroll.

What this means is that a recruiter now looks like not only getting some permanent roles to work but also the promise of some recurring contractor revenue which even the most successful recruiter won't want to turn down.

What can then happen, if this approach isn't picked up by client onboarding processes, you can potentially end up "payrolling" some contractors (who all will pass vetting as they will be faking real peoples details) and being significantly out of pocket chasing client payment for a company that may exist but has no knowledge of you or your company.

I've heard and seen on LinkedIn of so many companies falling foul of this scam and unless your business has the processes in place to catch this type of approach, it can be a very costly exercise either simply wasting a lot of time (and therefore money) by working non existent roles for a fraudulent company.

In fact, less than a week ago one of my team was approached for "business" by a very well established company who's own website has a page dedicated to responding to this type of fraudulent recruitment activity. It literally said "Recently we have discovered incidents of fraudulent parties posing as XXXXX executives or recruiters, seeking to engage with job-seekers on various online job search sites. These unauthorized individuals are using XXXXX’s name and logo – and in some cases the images and titles of certain HR executives..."

I've since found 3 other companies using pretty much the same text as they are suffering the same problem which will only get worse as AI and sophistication of scammers increases.

What can you do:

The obvious one is to update your internal procedures for onboarding new business. We have a department at Head Resourcing (called Validify) that runs all the required checks to ensure whoever we look to do business with is a legitimate company and I would pay extra special attention to in-bound requests.

Ask yourselves; why did they come to us? what form did the contact take? who did they reach out to and why? Then, check contact details with your internal IT team to ensure its going to the correct place, do various credit checks & company checks to validate the company and that the "employee" works there and most importantly record the video calls for your own records.

Company checks:

Companies House is the place for all limited companies in the UK but it is worth noting that barring some initial company director checks, it does not validate each company as accurate and above board. It was only recently I found out that Companies House does not have any policing mandate and indeed financial data provided is self published - Therefore I would really question how credit checking agencies that use Companies House’s data are valid or worthwhile but that's for another day.

In general, these types of scams just highlight the need for all of us to be constantly vigilant and the minute we feel comfortable we probably need to refresh our procedures once again. In the cyber world we are always told that everyone will get hacked and sometimes the most simple of human scam can have as devastating effect as the most complex cyber hack.