The Federal Bureau of Investigation (FBI) is warning job applicants that cyber crooks are running an updated ruse to try and make off with personally identifiable information (PII).
The scam is pretty straightforward. Cyber criminals pose as legitimate employers on online job sites, going as far as advertising on those sites, building out a website that smacks of something above board, and actually interviewing applicants. They give the job applicant just enough rope to give a false sense of security. Then, once they think the applicant is in their snare, the crooks go after PII and/or money from the job seeker.
“Fake Job Scams have existed for a long time but technology has made this scam easier and more lucrative,” warns the FBI. “The PII can be used for any number of nefarious purposes, including taking over the victims’ accounts, opening new financial accounts, or using the victims’ identity for another deception scam (such as obtaining fake driver’s licenses or passports).”
There are some key elements job applicants should be on the lookout for so they don’t fall prey to the scam:
After being interviewed by cyber criminals masquerading as department heads or recruiters, victims are usually offered a work-at-home gig.
To prove some legitimacy, the crooks will send the victim an employment contract to physically sign and request a copy of their driver’s license, Social Security number, direct deposit information, and credit card information.
Criminals have also reportedly asked victims to make an upfront payment for background checks, job training, start-up equipment, or supplies. These requests usually come with the promise that the job seeker will be reimbursed in their first paycheck.
Once the crooks get the money -- $3,000 on average -- they shut off all communication with the victims, leaving no way to be found.
The do’s and don’ts
When someone is looking for a job, they’re often in a tender trap thanks to needing the job to stay liquid or provide for their family. The FBI says that there are six things every job applicant should do to protect themselves:
Do a web search on the hiring company. If you see multiple websites for the same company (abccompany.com and abccompanyllc.com), that may indicate they’re fakers.
Legitimate companies won’t ask for PII or bank account information for payroll purposes until AFTER someone is officially hired.
Do not send any money to anyone, particularly by wire transfer.
Don’t give any so-called employer your credit card or bank account information without having them verify their identity.
Keep your Social Security number and any other personal info that could be used to access your accounts to yourself. Social Security numbers are NOT always required.
Before entering any type of PII online, look at the prefix of the website’s URL. If it’s secure, it should begin with “https://”, not “http://”.
And, while we’re not the FBI, ConsumerAffairs’ research has found that sites like Indeed, LinkedIn, and Monster also offer a layer of protection in making sure a job applicant’s search for a new gig is safe and secure.
And if you get hit?
If you are a victim of a hiring scam, the FBI says the following actions should be taken as quickly as possible:
Report the activity to the website in which the job posting was listed. For example, if you saw the hiring post on Indeed, contact them.
Report the activity to the company the cyber criminals impersonated. You can also do a reverse look-up of website ownership via a “WhoIs” search, which could give you official contact information for the company and/or the site’s registrar.
The moment you see something suspicious, contact your bank ASAP and, a) direct them to stop or reverse the transactions, and; b) ask them where the fraudulent or suspicious transfer was sent.