When a UX designer posted about the fraudulent job offer she received from a cybersecurity company last year, her story went viral. The “hiring manager” had instructed her to link her personal credit card to the company’s bank account and purchase an iPhone and Apple Watch to send the company so its IT team could add branding and security software. When the designer started feeling weird about the situation, she called the main company phone line and discovered the job offer was fake.
Nearly 4,000 commented on her LinkedIn post, with some questioning how she didn’t spot the red flags, others sharing their own experiences around scams, and still others congratulating her for raising awareness about how easy it is to fall prey to a job scam.
In the U.S., the Federal Trade Commission reported 77,612 claims of fraudulent business and job opportunities during the first three quarters of 2023 — with $337.8 million in losses. In Australia, the cost-of-living crisis contributed to a 150% spike in job scams last year, and in the U.K., 30% of residents have experienced some kind of employment scam, according to the communications regulator Ofcom.
While the media narrative tends to be focused on the victim’s experience of job scams, the phenomenon has also put HR departments in the firing line, emphasizing the need to protect not just candidates but their company brand — and even their own employees.
Simone Piana, ADP’s VP of Talent Acquisition, says this kind of job scam has existed for years but has really taken off since the pandemic spurred more remote working arrangements. “And the rise of new technologies is helping those criminals to be even more effective,” he says. “Everything is moving extremely fast.”
Evolution of job scams
Cybersecurity expert James Bore has seen it all: Emails from “recruiters” offering well paid, flexible, remote work; fake texts from well-known brands publicizing roles within their teams; LinkedIn messages from foreign businesses looking to hire senior tech professionals.
Bore, a London-based cybersecurity expert, actively tries to attract scammers to educate himself and his clients on the latest scam strategies. Since he started laying the bait over five years ago, contact has escalated to at least a few times a day. He has several burner phones and email addresses that he spreads around, and once they end up on phishing lists, he goes along with each scammer long enough to learn their MO.
Everything is moving extremely fast.
Simone Piana, ADP’s VP of Talent Acquisition
While job scams now tend to play out on messaging apps, the narrative and goals are largely the same as ever: Victims are offered a fake job, but only if they hand over some money to access equally bogus tasks, training or equipment. Other scams include asking applicants to leave fake online reviews, or even handle financial transactions akin to money laundering.
This is where Bore bows out. But those who don’t have Bore’s knowledge might not escape so easily, especially when scammers are impersonating big employers.
“The payment request might start at £10, then go up to a few hundred, and I know people who have lost thousands on these scams,” he says. “You think it must be genuine and it’s just part of the checks and validations they need to do. For the scammers, it’s how they make their living.”
Implementing an anti-scam strategy
Anti-job scam strategies need to have both a reactive and a proactive component, says Tina Rahman, founder and director of the London-based HR consultancy HR Habitat.
It’s essential to issue reactive statements explaining that fraudulent job postings have hijacked a brand name, Rahman says. But with AI chatbots making it easier than ever for scammers to create bogus listings, as a form of due diligence, HR teams also need to regularly perform proactive searches for job scams in their company name.
In the meantime, HR teams need to make their companies’ recruitment policies public so everyone knows what to expect when they are interacting with the real business, allowing targets to identify discrepancies in a job scam, Rahman says.
“We’re not seeing this enough,” she says. “Imagine applying for a job, and you’re faced with a con artist. It’s almost too easy, because the agenda is to get this person in and get what you need from them. So making public the proper selection process policy lets candidates know what an authentic process looks like.”
After a major malware attack and cybersecurity incident, Mondelēz decided to invest in ADP global payroll.
The policy should include a list of platforms and partners where the company posts job ads, so potential victims don’t engage with scammers using personal communication platforms such as social media or messaging apps. HR should also share the genuine email addresses that their communications will come from, include the correct websites to upload applications, and outline the steps that the real process entails.
But such a rigorous approach is not yet commonplace, Rahman says. HR should be leading the charge. “[Job scams] are impossible to deal with, or respond to, if there are not proper HR practices in place,” she says.
Employers may also need to start going above and beyond even this level of attention by also providing business scam awareness training to their staff that would help them recognize the signs of a scam, such as generic email addresses, requests for money, and pressure to hand it over. This, says Rahman, would prevent the fallout affecting not just an employee personally, but the wider company too.
This is especially important for large companies handling sensitive data. Cybersecurity awareness training for associates interacting with external people, including job candidates, needs to be ongoing.
“In making sure ADP and our clients are safe, we are paying a lot of attention to these issues,” Piana says. “Every year, each of the more than 65,000 associates at ADP goes through mandatory compliance and anti-fraud training to help keep the company and data safe.”
Fighting jobs scams
Job scams hurt everyone — job seekers and businesses alike.
“People have lost thousands on these things,” Bore says. “Once you’ve paid that small bit upfront, it’s much easier to justify paying more and more, because it’s hard to admit when you’re wrong, and people convince themselves they need to pay for the next validation or check to get to the next level of the process.”
Unfortunately, there’s often little victims can do to recoup their losses — even when the companies that were impersonated try to help. “We reassure victims that it doesn’t mean they’re stupid, and that they shouldn’t feel ashamed, because you are more likely to have money stolen from you by fraud than any other form of theft,” says Bore.
Companies that take a strong, proactive approach protect potential victims and differentiate themselves as so-called “employers of choice,” Rahman says. Organizations that respond well in a crisis attract the best talent and partners.
“Suppliers and partners want to work with them,” she says. “I’ve worked with businesses where they’ve been pitching for clients, and within their pitch, they’ve mentioned their approach to job scams to show how they’re looking at the economic disasters happening right now — and how they respond to them.”
Read more
Sign up to keep up to date with ReThink Quarterly.