The internet has become a breeding ground for scams and scammers. This is not a new trend, nor is it surprising. With the anonymity afforded to those who know how to abuse the world wide web, we all must approach our online presence with an abundance of caution. This is never more evident than when scammers take advantage of the holiday season, and job seekers are affected by recent layoffs. If you are on LinkedIn, search for “Job Scams,” and you will see how bad it has gotten.
While browsing through my LinkedIn feed, I came across two posts. The first was a member relating their story of a “recruiter” contacting them for a position that perfectly fits their skills. The “recruiter” stated they were representing a company with a legitimate opening, as verified by the poster. Unfortunately, the “recruiter” was an imposter who had created a fake LinkedIn profile to match the company offering the position. After accepting an offer and providing employment eligibility documentation, the poster is now dealing with multiple instances of credit fraud.
Later that evening, I read a post from a connection sharing a similar experience. They received an email from a prospective employer stating that their skills were a perfect fit for an open position. In this case, several triggers caused my connection to be wary. The email encouraged them to apply online but did not provide a URL. When a response arrived to their inquiry asking how to apply, the sender included a PDF file with instructions. Sending an attachment that has to be opened by the recipient is another clue here. Even PDF files can deliver a payload.
The PDF instructed them to download a third-party chat app (red flag #2) and to contact a user by their identity number (red flag #3). The user requested an interview ID, also included in the doc, and once confirmed, offered to interview via a text chat (red flag #4). At this point, my contact knows something is definitely “off.”
They try to find a LinkedIn profile for the person who contacted them, but it remains empty. At this point, they also realize the email with the instructions comes from a domain other than the hiring company. While neither is necessarily bad, they do cause additional concern. Further attempts to verify the identity of the email sender and the chat responder go unanswered. My contact wisely decides to end the conversation.
Having just experienced a layoff, I understand the toll it can take on those affected. Keeping an optimistic outlook about the job market while also fending off these predators looking to take advantage is hard, but some simple advice can help.
Be skeptical; it is OK to take the “trust but verify” approach. Never open attachments unless you know who is sending them. Always insist on a phone or video call to discuss an opportunity. If you do a video call, apply a background masking filter. You don’t want to share any identifying information via video accidentally. Use your network; these are likely folks you know and trust, and they will want to see you succeed. If you were part of a significant layoff, start a private group on LinkedIn and invite others who were affected by the same company. As you all work to find your next position, you may uncover opportunities for others, and you can share those. This group can also be an effective support system.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.