According to the FBI’s Internet Crime Complaint Center, more than 16,000 people in the U.S. reported themselves victims of employment scams in 2020, with losses nearing $60 million. The Better Business Bureau’s 2020 Report estimates the median dollar loss per victim of employment scams in 2020 was $995. (WSJ, 8 September 2021). In 2020, about 10% of all scams involved Amazon, according to the Better Business Bureau, with Walmart coming in at a close second.
Impersonation is one of the most popular and effective tactics used by scammers who utilize online platforms to perpetrate their scams. Most who reported employment scams said they continued to engage with the scammer because it sounded legitimate. (BBB, Scam Tracker Employment Scams Report, 2020)
The graphic below shows the most reported online platforms used to commit job scams.
Signs of a Potential Job Recruitment Scam:
Recruitment Emails from Gmail and Other Free Accounts
Be cautious of emails coming from free email services/domains as opposed to business email accounts
Watch out for “typo-squatting”, domain names very similar to a company’s that scammers have purchased
The company name may be misspelled or better yet has no online presence
Grammatical Errors and Vague Context
The company name is ambiguous or missing
Look for misspellings, punctuation and grammatical error
Job being offered isn’t clearly defined with possibly no limitations on geographical location, qualifications, experience level, etc.
Beware if you are ignored for requesting more details
Too Good to be True & Moving Fast
Offers too much money for little work and/or very flexible hours
Immediately asks for unnecessary personal information
Offers of employment after just one interview or no interview at all
Interviews are set up via chat or text with no video or voice option
Jobs that create a sense of urgency or limited positions to bait you
Jobs that appear to be overly secretive or confidential
Into Your Pockets
Starts asking for banking information (direct deposit) or you to purchase specific high-ticket items “required” for the job. Aka, Advance Fee Schemes.
“Sends” you too much money and asks you to send back the difference. Aka, an Overpayment Scheme, see Business Fraud.
Asks for other personal documents such as passports, transcripts, CVs, etc.
Measures to Prevent Yourself from Becoming a Victim of Employment Scams:
Ensure communication is completed through the company’s correctly spelled @email address. Beware of job postings that ask you to send any information (including your resume) to a free email address (e.g. @gmail.com, @mail.com, etc.).
If the job you are applying for is not listed on the company’s website, it may be a red flag. If you are unsure, call the company directly and ask about the job posting.
Avoid giving out personal or financial account information to a new employer via email or messaging service. Companies have secure ways to collect information at the appropriate time.
Do not send or transfer money to a recruiter or prospective employer.
Beware of spelling errors and bad grammar.
If something sounds too good to be true, it probably is.
Always research the Company and its hiring process. Ensure the company name is spelled correctly in the posting.
Organizational Best Practices to Avoid Being Used in Employment Scams:
Organizations may want to add a statement or page to their career site addressing recruitment fraud and include information such the hiring process and where to report a fraudulent posting.
A clear hiring process will instill confidence in job applicants and make it significantly harder for scammers to attempt to copy your process.
Request potential candidates apply directly to your organization’s website instead of job recruitment sites. By making this a standard practice, you can clearly identify fraudulent postings in your organization’s name.
Using social media to advertise jobs and directing applicants to your company website, will make it more difficult for scammers to use your brand for fake jobs.
Job Recruiters or Hiring Managers should always communicate through your organization’s email service.
Policies and education should be in place to help recruiters and managers to recognize and report fraud. See the FBI’s page on common scams and crimes for more information on how scammers steal information.
What to Do If You or Your Company Becomes a Victim of an Employment Scam:
Understand common scams and risks online
File a report on the recruitment site for each fake job posting found
Report scammers to the BBB
File a report with the Internet Crime Complaint Center (IC3)
Contact your local FBI Field Office
Job Scams Study – includes examples of scammer tactics
Reporting a Fake Job Posting:
Phishing Attacks Video – YouTube video (about 3.5 minutes) defines Phishing attacks and how to prevent them.
Examples of Fraudulent Job Postings:
All of the job postings pictured display red flags from the sense of urgency to the “out of the blue” recruitment tactics to complete vagueness. Can you spot any other red flags?
Types of Scams:
This list is not exhaustive but will give you a solid grasp of the types of scams out there. You may recognize several of them.
Business Email Compromise (BEC)
How to Report (recommendations by the FBI):
Contact your financial institution immediately and request that they contact the financial institution where the transfer was sent.
Next, contact your local FBI field office to report the crime
Also file a complaint with the FBI’s Internet Crime Complaint Center (IC3)
Phishing: scammers use email or text to lure you into sharing personal information such as passwords, account information, Social Security numbers, etc.; introduce malware onto a device.
Email Phishing: probably the most widely known, often includes a link to what looks like a legit website for you to fill in information; often looks very similar to a recognizable company.
Malware Phishing: Very similar to above with the goal of getting the victim to click a link or download an attachment that would introduce malware to the device they’re using. Currently the most pervasive form of phishing.
Spear Phishing: A more targeted attack and often well-researched. Usually going after more lucrative targets: business executives, public personas, etc.
Whaling: even more targeted than Spear Phishing, this attack can be much more subtle and often takes aim at senior executives.
Smishing: Delivered via SMS, short messages that include a malicious link intended to be opened by the recipient and therefore infect the device used. Often disguised as a political message, account notification or prize notification.
Vishing: Voice phishing. Caller tries to get personal information while claiming to be from some official-type organization, company, etc.
Pharming: Also known as “DNS poisoning” (domain name system), a sophisticated attack that reroutes legit website traffic to a spoofed page with aim to glean personal information.
Clone Phishing: Attacker gains access to and compromises someone’s email by adding a malicious link, attachment or other element and sends the email to the victim’s contacts.
Man-in-the-Middle Attack: Often carried out by a third-party gaining access and spying on two unsuspecting parties by creating a phony public wifi connection (think the innocent coffee shop work sesh). Once they have access they can introduce malware or search for valuable personal information.
Malvertising: Posing as digital ads with malicious code implanted
Search Engine Phishing: Fraudulent websites set up to collect sensitive information, will come up in organic search results or pose as paid advertisements for popular search terms.
Angler Phishing: Attacks on social media utilizing URLs; fake notifications (links); cloned websites, tweets or posts; instant messaging (basically Smishing at this point)
Download the Full Document Here:
DISCLAIMER and Hold Harmless Disclaimer: LSDS™ gathers information from multiple sources and offers insight and perspective to travelers. Sources cannot be validated for accuracy in every instance. Travelers assume all risk associated with their travel and are responsible for the decisions associated with travel and for their own safety. Users of this reference document agree, to hold harmless LSDS™ (LLC) its employees and clients associated with any risk or injury incurred during travel.