Identity theft is on the rise, and one tactic criminals use to get personal information is posting fake job ads. KrebsOnSecurity reported last week on a recent scam that duped more than 100 victims on LinkedIn before it was discovered and the fraudulent ads were removed.
How the Scam Works
LinkedIn is a popular social media platform where professionals share ideas, interact, and promote their businesses. It has also become a popular job platform where companies can post ads, and candidates can easily connect with the right individual to move things forward.
The FBI warned job seekers about one such job ad that appeared on LinkedIn last week for Geosyntec Consultants. There were several different ads for design consulting roles. Each ad directed the candidate to email Geosyntec’s senior recruiter, Troy Gwin. The company and the person were real, but the ads were fake, and neither the company nor Gwin had posted them.
After hearing about the ad, Gwin contacted KrebsOnSecurity to report the fraud. By the time it was reported and LinkedIn removed the ads, more than 100 victims had already applied, sending their personal information to the criminals.
According to KrebsOnSecurity:
“The endgame was to offer a job based on successful completion of a background check which obviously requires entering personal information,” Gwin said. “Almost 100 people applied. I feel horrible about this. These people were really excited about this opportunity.”
Too Good to be True
A few people had contacted Gwin directly to verify the ad. The ad told respondents to contact Gwin at a Gmail account that he says is not his. One applicant, Erica Siegel, answered some screening questions that appeared to be legitimate and appropriate for the job she was applying to. Shortly afterward, she received a response awarding her the job with a generous salary. She immediately became suspicious. “I usually have six or seven interviews before getting a job,” Siegel said. “Hardly ever in my lifetime have I seen a role that was flexible, completely remote, and paid the kind of money I would ask for. You never get all three of those things.”
She fired back a list of her own questions, which the scammer ignored. Instead, he or she implored her to complete her onboarding process by filling out the paperwork to finalize her employment. That, of course, included a copy of her driver’s license and banking information for direct deposit, among other pieces of sensitive personally identifiable information (PII). Siegel then contacted the real Troy Gwin, and he confirmed that it was indeed a scam intended to steal personal information for fraud.
Signs that a Job Ad is Fake
Although there are hundreds of legitimate job ads on social media sites like LinkedIn and others, scammers use these platforms very effectively to post their own fake ads.
According to the FBI and KrebsOnSecurity, some signs that a job ad is fake are:
Interviews are not conducted in-person or through a secure video call.
Potential employers contact victims through non-company email domains and teleconference applications. This is also sometimes referred to as a phishing scam.
Potential employers require employees to purchase start-up equipment from the company.
Potential employers require employees to pay upfront for background investigations or screenings.
Potential employers request credit card information.
Potential employers send an employment contract that must be physically signed and that asks for PII.
Job postings appear on job boards, but not on the companies’ websites.
Recruiters or managers do not have profiles on the job board, or the profiles do not seem to fit their roles.
A common theme among these perpetrators is to use a Gmail account. Legitimate company representatives will have company-domain email accounts and won’t be using a personal one from Gmail. This is a big red flag you can use to weed out the duds.