Online recruiting scams prey on both job seekers and legitimate employers alike.
People looking for work get fleeced out of their money and sensitive information, while businesses suffer the stigma of being used as the face of the scam, even though they had nothing to do with it. Criminals know how to make websites and emails look official enough to fool many people in a short amount of time. More often than not, company officials and authorities learn of the recruiting scam a little too late before shutting it down.
The damage is done.
Criminals have already duped hopeful job seekers and extracted sensitive information like Social Security numbers, financial details, credit card info, or money to pay for fake advanced fees. In the first ten months of 2018 alone, the Better Business Bureau (BBB) was able to track more than 3,000 recruiting scams with millions of dollars in losses.
What Can Employers Do to Stop Recruiting Scams?
Employers need to act fast to shut down this type of illegal activity. Here are a few steps on how to stop scammers in their tracks.
Add a page to the official recruitment portal on the company website that alters job seekers of known recruiting scams trying to impersonate the brand. This particular alert page on scams must contain all the vital information regarding the fraud to educate job seekers on what to look out for and how to avoid being a victim.
There should also be clear instructions on the company’s recruitment process, like how job seekers can directly apply (resume upload, online application form, official email), noting these are the only legitimate ways to send a request. No other email addresses, third-party websites, or portals are accepted.
Using an identity protection service can help employers in recruitment positions monitor if their online accounts have been breached and compromised. Scammers will impersonate people high on the corporate ladder so they can trick as many people (working for the target) as possible.
How Does a Recruiting Scam Work?
The scam is simple enough but has plenty of moving parts for it to work. Criminals behind recruiting scams have small teams that handle everything, from getting spoof domains anonymously to making phone calls.
1. Target Company Research
Scammers do their homework on whom the top employers are, more often than not, using large corporations that have become household names in the market they want to target.
2. Resource Gathering
They then proceed to illegally scrape the webpage of the legitimate company they want to impersonate, extracting logos, fonts, and essential names related to recruitment, such as recruitment or HR officers.
Scammers will try to obtain real correspondence from the company, complete with the name and signature of the sender, or will make a letterhead from scratch and fabricate the signature. Adding the name of a real person gives the whole thing an air of legitimacy.
3. Fake Websites Using Spoofed Domains Go Up
The criminals use all the logos, fonts, and other material they collected to create a fake website using a “spoof domain.” A spoof domain uses slightly altered characters that look very similar to the original and read as correct, such as gooogle.com or Micorsoft.com.
4. Solicitation Emails Go Out
Fraudulent solicitation emails go out after the scammers set up the fake website and purchase the spoofed domain. The bad actors also post job openings on social media platforms, online job boards, and recruitment websites. Recruiting scam emails are like phishing attacks, wherein the email address looks like it’s from a real company, but has slight alterations.
5. Scammers Make First Contact
The scammers respond to job seekers by offering fake job interviews by phone, with a phony job offer soon to follow. The calls don’t involve a real landline but are made via VOIP, but the criminals will make it look like they’re calling from a legit company using software that masks their caller ID. Some scammers even use Skype.
What Do Scammers Get From Job Seekers?
The goal of every scam is financial gain through illegal means, and recruiting scams are no different. Criminals are either looking for money or personal information that they use for identity theft or sell in the black market.
Target 1: Money
Scammers ask job seekers to pay for bogus travel fees, office supplies, certification, or to run background checks. Criminals will offer remote work as an excuse to charge the job applicant advance fees. Another tactic is telling job seekers that they need to make a small deposit to guarantee their slot in the interview or lose it to someone else.
Target 2: Personal Information
Sensitive data such as Social Security numbers, driver’s licenses, names, addresses, phone numbers, banking details, credit card numbers, and other forms of identification can be just as valuable as money. Criminals can sell the information to illegal data brokers or use it for identity theft. Scammers trick job seekers into sharing sensitive information by telling them it’s for “onboarding new employees,” and that the details collected will be for company records and direct deposit salary payments.
With recruiting scams running rampant, employers should state that they would never ask applicants monetary payment for fees, guaranteed slots, or onboarding. Companies should inform job seekers that they would never ask for sensitive personal information like Social Security numbers via email or phone and that they shouldn’t give it to anyone unless they already signed a contract on company premises. These alerts can be included in a newsletter, posted on a job board, or used in social media scam awareness campaigns.