Separate genuine offers from scams

9 Min Read


$90,000 a year, a full home office and 30 days of paid time off, all for a job as a junior data analyst – incredible, right? However, these and many other job advertisements are fake – created solely to trick unsuspecting victims into giving up their details.

job offers lq

Nowadays it can be quite difficult to look for a job, and many employers are looking for that too freeze hiring or not hire as much like they used to do. Plus, with the numerous recent layoffsthere are more job seekers on the market than before.

Still, this doesn’t mean companies will stop advertising for jobs completely – frozen vacancies may remain as “ghost job‘offers, even though a company is not looking for anyone in particular.

The problem, however, is that these positions are also accompanied by fake messages claiming to be offers from legitimate companies, causing job boards to become overcrowded. Furthermore, these ads can appear very authentic, as scammers often go so far as to be complete constructing personality and professional life from a recruiter or HR person, sometimes stealing people’s actual online data to do this.

Why? As always, the end goal of such scams is to use the collected data to achieve some form of monetary or other gain. And while job scammers can be devious, they are not impossible to spot.

Constructing false identities

As detailed in a previous WeLiveSecurity blog by Daniel Cunha Barbosa, people often reveal too much about themselves online, especially on sites like LinkedIn, which serves as both a professional social media service and a job board. This can make it easier for scammers to collect data – be it by purchasing leaked account details or doing a little web scraping.

See also  HTC U24 Pro confirmed: new mid-range smartphone

For example, open source intelligence tools (OSINT) can easily help collect data from people’s online profiles and activities. Software like Maltego helps find information about people or companies online, allowing anyone to connect and map relationships between websites, accounts, emails, locations and more.

Maltego profile and data spectrum

Information that can map Maltego. Discover how great the connections can be with just one person. (Source: Sol González/WeLiveSecurity)

As a result, a profile is created that is intended to trick unsuspecting users into faking jobs for further data collection and thus commit even more crimes, such as business email compromise or various social engineering attacks, becomes easier than ever.

On the other hand, OSINT tools allow people to check how vulnerable they are online, so they also have a positive application, especially for security professionals, who can use them to find out information about potential threats that could disrupt the security posture of those who manage them . to protect.

Discovering a fake vacancy

What does a fraudulent job vacancy look like? It depends, as fake recruiters can message job seekers directly and include a malicious link or attachment in the message/email. These are also accompanied by fake vacancies on recruitment boards, making the vacancies look more realistic.

Furthermore, early in the application process, forgeries can go as far as requesting them bank account information or citizen service numbers, which should always ring alarm bells for everyone.

To make sure you’re about to get a real deal, check the following:

  • Whether the company and the person exist – legal company name, address, registration, online presence and possible news items.
  • Social media profiles from the company/recruiter, and look for grammatical errors, weird date breaks on their messages, and a lack of consistent online activity (fake profiles may not have a regular online presence for long periods of time).
  • If they have responses from real peoplerecommendations from previous employers and colleagues, certifications, genuine responses to others’ posts, etc.
  • Their other job board posts or past activities – the more posts they have on other boards, the more likely they are to be real. If you can, also check their postings on local boards, but this does not guarantee authenticity.
See also  This road trip narration app with voices like Kevin Costner's is $30 off

Small mistakes can also make a difference. Scammers often recreate company work pages to seem more authentic, but these pages may also have some observable qualities:

  • Website security: Fake websites may not have the HTTPS certificate, which could be a sign of an unsafe, malicious site.
  • Left: These can have many tell-tale signs, such as spelling mistakes. Additionally, links do not have to take you to the same location as indicated. Before you click, hover your mouse over the link and check its intended location in the tooltip at the bottom left of your browser window, as shown in the image below.
Hover over a link
When you hover over a link, the intended location is displayed at the bottom left.
  • Suspect asks: No company will ask for your bank account number, social security number, ID or anything like that during a job interview. Unless you are already an employee (and have met with verified HR representatives), providing such information is not permitted.
  • Typing errors: Fake websites may contain many typographical or grammatical errors, stylistic issues, or intentional errors character changes this may go unnoticed at first (e.g. using “0racle” instead of “Oracle”).
  • Reputation: If possible, do a quick domain check on a site like Who is or ScamAdviser.comwhich gives you useful information about the site’s registration, its age and more.
ScamAdviser site description
ScamAdviser shows a brief and detailed overview of why a site should be trusted.

Some basic guidelines

Any discussion about protection against job fraud must cover more than one angle.

Firstly, in order not to become a victim of identity fraud, limit your privacy settings on job boards (or social media in general) if you can, and never voluntarily present personally identifiable information online, including accounts with public visibility. As mentioned earlier, this will make it much easier to build a profile about you using OSINT tools and web scrapers.

For example, on LinkedIn you can set whether you want your profile to be public or private (visible only to other LI users), and who can see your full last name and other information. You can read more about this in an article by André Lameiras.

Second, never give away your information without it verifying your potential employer. It’s very easy to fall prey to a fake job posting, but a tell-tale sign can be as simple as a bald job posting or a spotty online presence.

See also  OnePlus Pad Go Review: Affordable Media-Focused Tablet

Third, be on your guard random emails or messages with job postings from unverified or unreliable-looking accounts.

Finally, if there appears to be an offer too tempting (for example, giving an above-average wage with virtually no experience required), it’s probably a scam.

All in all, the chances of someone coming across a fake job posting are high, so be aware and try to stay cyber safe for as long as possible.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *