Job Phishing & Social Engineering Scams Target Job Seekers

In December 2022, many people in my network were laid off due to cutbacks. Already experiencing a difficult time in the middle of the worst inflation period and rising housing costs, people are waiting over a month for unemployment and compensation packages to be paid out due to holiday slowdowns. Many job seekers were eager to hear back from anyone regarding a new job opportunity. Unfortunately, amongst the silence over the holiday season from recruiters and hiring managers, lurked phishing scammers disguised as a mid to large company that found out you were laid off and was interested in you. Literally, wolves in sheep's clothing.

The only thing is, you don't know it yet. You get excited and quickly jump to polishing your resume to meet their requirements and take time to carefully craft answers to their pre-interview questions. Some questions seem a bit too forward, but you press on as some companies are quirky and you're unemployed, so you don't want to make a fuss and carry on. Well, that is what the Phishers and Social Engineers are counting on! You might get an email saying you are hired and they love you and need your social security number or other personal information such as a bank account so they can set up your direct deposit. STOP. Don't do it! Can you only imagine how worse things could get financially if someone were to get a hold of your bank account?

Let's talk about the concepts of Phishing and Social Engineering:

Phishing and social engineering are related concepts, but they are not the same thing. Phishing is a type of cyber attack that involves sending fake emails or text messages that appear to be from a legitimate source, in an attempt to trick the recipient into revealing sensitive information, such as login credentials or financial information. These attacks are often carried out on a large scale and can be difficult to detect. Social engineering, on the other hand, refers to the use of psychological manipulation to influence someone to divulge sensitive information or perform actions that may not be in their best interest. This can take many forms, such as pretexting (impersonating someone to obtain information), baiting (offering something desirable to obtain information), or scareware (using fear to obtain information).

How do Scammers Use Social Engineering?

Scammers can use social engineering techniques to manipulate job seekers and steal their personal or financial information. Some common tactics that scammers use include:

1. Impersonating a legitimate company: Scammers may create fake job postings or email accounts that appear to be from a legitimate company and use them to communicate with job seekers. They may ask for personal information or request payment for things like background checks or training materials.
2. Offering unrealistic job opportunities: Scammers may offer job seekers unrealistic opportunities, such as high-paying jobs with little experience required, in order to lure them in and gain their trust.
3. Asking for personal information: Scammers may ask job seekers for personal information, such as social security numbers, bank account numbers, or passport numbers, under the guise of "verification" or "background checks". This information can be used for identity theft or other fraudulent activities.
4. Pressuring job seekers to act quickly: Scammers may pressure job seekers to act quickly or make decisions without fully thinking things through. This can be especially effective when the scammer is offering an unrealistic job opportunity or requesting personal information.

To protect yourself from social engineering scams, it's important to be cautious and do your research before accepting a job offer or providing personal information. Verify the legitimacy of the company and the job, and never provide personal or financial information unless you are confident that it is a legitimate request. If something seems too good to be true, it probably is.

How Do Scammers Use Phishing Against Job Seekers?

Phishing is a common tactic used by scammers to obtain personal and financial information, and job seekers are often targeted. A phishing attack may come in the form of an email or a message through a job search website, and it typically involves the attacker posing as a legitimate company or recruiter in order to obtain sensitive information.

Here are some tips to protect yourself from phishing attacks as a job seeker:

1. Be cautious of unsolicited emails or messages: If you receive an email or message from a company or recruiter that you didn't initiate contact with, be wary. It's possible that the message is legitimate, but it could also be a phishing attempt.
2. Look for red flags: Scammers often use poor grammar and formatting, common emails such as Gmail or AOL, and they may include urgent language or requests for sensitive information. If an email or message seems suspicious, it's best to ignore it or delete it. They might even offer a job to you without interviewing you.
3. They ask you to fill out pre-interview questionnaires under the guise of getting to know you. Getting to know you gives them more intel on you and any personal information to help them scam you further. Some scammers go for the short game, however, I have seen them also go for the long game wanting your social, date of birth, or more for application identification in order to be submitted to the client. Don't give out this information.
4. Don't click on links or download attachments from unfamiliar sources: Phishing attacks often include links or attachments that, when clicked, will download malware onto your device. Be cautious about clicking on links or downloading attachments from sources you don't trust.
5. Use a secure job search website: When searching for jobs online, use a reputable and secure job search website. This will help protect your personal information and reduce the risk of phishing attacks.
6. Don't share personal information: Be wary of sharing personal information, such as your social security number or bank account information, with anyone online. Legitimate companies will not ask for this information upfront.

To report fake jobs on LinkedIn or Indeed.com, follow these steps:

1. Go to the job posting that you believe is fake.
2. Click the three dots in the top right corner of the job posting or the report flag.
3. Click "Report this job."
4. Select "This job is fake or a scam."
5. Click "Submit."

LinkedIn will review your report and take appropriate action. It's also a good idea to let LinkedIn know if you've been contacted by someone claiming to represent the company in the job posting, as they may be trying to scam you.

You can also report these scams to the Federal Government (FTC): Report Scams and Frauds | USAGov

By following these tips, you can protect yourself from social engineering and phishing attacks and keep your personal information safe while job searching. If you know someone who is currently looking for a new job, please send them to this article to help protect them from bad actors so they can have a fruitful job search. I plan to write a follow-up article to this on how fake recruitment firms are using phishing and social engineering to apply for companies in your name without your consent and are submitting another candidate posing as yourself with your details.

Please subscribe to my newsletter and follow me on LinkedIn if you like this and wish to see more content.

Happy and SAFE job hunting!