As unemployment surges, scammers are hoping to cash in on peoples’ desperation.
By Abhilash Garimella, Vice President of Research & Security Operations at Bolster
In the hunt for financial gain, threat actors frequently target weaknesses in software and business systems, often lying in wait with great patience and persistence before gaining unauthorized access to networks or stealing sensitive data. Cyber criminals also often try to leverage common mistakes, or human vulnerabilities, to target their attacks. Unfortunately, our human propensity to slip-up can aid cyberthieves in succeeding with malicious actions.
One vector that criminals are using with some effectiveness began in 2023 after thousands of workers were laid off from their jobs. Ever astute for the perfect opportunity to cash in, the criminals knew the newly jobless were ripe for the scam, and they pounced. After a job loss, people can sometimes struggle with confidence, feeling insecure about paying bills or using emergency funds to feed their families. According to the Federal Trade Commission, attackers using generative AI to launch fake job scams caught people unaware, accounting for roughly 105,000 scams.
Just past the midway point of 2024, with more than 126,382 job cuts across 393 companies and counting, the number of scams has kept pace, fueled by automated tools that help expedite scams at a massive scale. As market impacts continue to send people into job search mode this year, hackers are finding more ways to profit from the unemployed.
What can businesses do to protect prospective employees from fake job scams? While the threats are real and becoming more prevalent, there is a lot that job seekers can do to avoid falling victim to fraudulent schemes.
As the saying goes, the best defense is a strong offense. Therefore, job candidates can arm themselves with knowledge to help recognize common warning signs of fake job scams. Some of these include:
1. Urgent or persistent calls
Injecting false pressure or urgency upon the target can effectively confuse a person and not allow them ample time to process what is happening before they make a critical decision. Scammers may claim you will lose a job opportunity if you fail to respond swiftly. Additionally, the onset of artificial intelligence (AI) tools allows scammers to produce very convincing voice or video deepfakes that have already tricked people into agreeing to fake terms that result in financial loss.
2. Communicating unprofessionally
Legitimate companies have professionals monitoring general email inboxes or posting to social media accounts, where communications are typically well-written and provide appropriate information. Therefore, scam emails would traditionally be easy to spot because they often contain grammatical and spelling errors or vague details to respond to or contact the company. However, AI has eliminated these obvious red flags, helping scammers remove errors in their communications. This makes it exponentially more difficult for people to recognize the danger in their inboxes or social media DMs.
3. Immature web and social presence
Popular web hosting services offer scalability, cost-effectiveness, and easy accessibility, allowing cybercriminals to quickly set up and manage fraudulent websites and use them as a conduit for phishing attacks. Additionally, scammers can easily create fake company profiles across various social platforms, effectively producing an online presence. An obvious warning sign of these accounts is that they are scant on information and resources or appear very newly created.
4. Too much information
Scammers may ask for personal information very early in the job search process. Examples include reviewing proof of residence or financial statements with a promise of a direct connection to job opportunities. Legitimate companies don’t typically require such documentation until the interview process has been completed or the candidate begins the onboarding process. Also, be aware that upfront payments in exchange for employment are almost always a sign of a scam.
5. Lucrative or “too-good-to-be-true” offers
Job candidates receiving compensation offers with extraordinarily high salaries with vague details on roles and responsibility should be suspicious. Here, the scammer hopes the lure of riches will entice you to accept a job that does not exist. If the great perks you are offered seem too good to be true, or the job is tailored for you but wreaks suspicion, give yourself time to evaluate before you determine your next move. Avoid sharing sensitive information or making financial transactions without first insisting on proper verification of all parties involved in your offer.
Here’s the good news. You can adopt best practices early in your employment search to protect yourself from these and other common fake job scams. Among these practices are thoroughly researching potential employers and trusting your gut instincts in every situation.
Another way to evade scammers is to stay connected to your colleagues, friends, and family during your time without employment. While some disruption of routine and schedule are expected after a job loss, job seekers who fight isolation by maintaining a similar schedule in their search activities as they did in their former jobs may fare better, using their connections to network for their next role. Part of this strategy also includes attending in-person events as frequently as possible, keeping your search top of mind among hiring professionals, and ensuring you hear of opportunities as they become available. Regularly meeting and speaking with your connections can help you remain hyper-aware of potential cyber scams, especially when using digital platforms.
Further, businesses and organizations should actively work to raise awareness about the threats among employees, recruiters, and job candidates to fill open roles. They can do this by regularly offering cybersecurity training focused on job scam protection to employees and staff.
Finally, organizations can implement security measures like proactive scanning for threats and intelligent impersonation detection, to identify fraudulent job postings that use valid branding to trick applicants into clicking malicious application links. This can protect vulnerable individuals from fraudulent job search-related schemes.
About the author
Abhilash Garimella is the VP of Research & Security Operations at Bolster AI where he leads both the threat intelligence and SOC team to detect and take down digital threats. Follow him and Bolster on LinkedIn.
Patti Jo Rosenthal chats about her role as Manager of K-12 STEM Education Programs at ASME where she drives nationally scaled STEM education initiatives, building pathways that foster equitable access to engineering education assets and fosters curiosity vital to “thinking like an engineer.”