Job scamming is a widespread issue that has only been exacerbated by the ongoing pandemic. These scams have become lucrative businesses, operating globally and raking in millions of dollars. A recent survey revealed that 32% of job seekers have applied for and even interviewed for a fake job, while 15% had their personal information stolen, and 9% lost money to these scammers. The financial losses associated with job scams reached a staggering $367 million in the United States alone last year.
According to Gabriel Friedlander, the founder and CEO of Wizer Training, these scammers operate just like any other business. Instead of marketing products or services, their goal is to commit crimes. They employ marketing strategies to send out their scams, capture leads, convert them into opportunities, and ultimately scam the unsuspecting victims. They utilize tools similar to those used by legitimate marketers, but with a more sinister purpose.
Job scams not only harm job seekers, but they also have significant implications for company brands and expose sensitive data to exploiters. Roger Grimes, a data-driven defense evangelist at KnowBe4, marvels at the ingenuity of these scammers who steal the credentials of real individuals and use them to apply for jobs using authentic-looking emails or portfolio URLs. These emails often contain hidden malware within resume attachments or links, making it even more challenging for companies to protect themselves.
The scammers behind these operations are well-funded and agile, constantly adapting and evolving their tactics. Fred House, a senior director at Trellix Advanced Research Center, gives an example of the Qakbot malware, which was initially exposed and addressed but quickly evolved into a new threat. It becomes a game of cat and mouse, with companies constantly trying to stay one step ahead.
Companies, especially those without dedicated cybersecurity teams or software, are particularly vulnerable to these scams. Even larger, Fortune 500 brands are targeted because of their desirability and the allure they hold for job seekers. Companies need to invest in robust security measures to protect themselves and their reputation.
Awareness, education, and training are crucial in the fight against job scams. Companies that are knowledgeable about these scams are less likely to fall victim to them. Thorough background checks, multiple methods of verifying an applicant’s identity, and a tight security posture are essential measures companies can take to stay safe. It is also important for companies to actively root out these scams and put pressure on job sites and social media platforms to eradicate fraudulent activity.
LinkedIn, one of the largest professional networking platforms, acknowledges the rise in fraudulent activity and emphasizes its commitment to using technology, including artificial intelligence systems, to detect, and prevent fraudulent activity. They have implemented additional tools and safeguards to ensure a safe experience for users.
To assist potential job seekers in avoiding scams, companies can list specific instructions on their career pages and social media platforms. Phrases such as “We will never ask you for money” and “We will never ask for your Social Security number or identifying information” can help raise awareness. For businesses with limited cybersecurity resources, outsourcing to experts in social media monitoring and brand protection may be a wise investment. The damage caused by falling victim to these scams can be significant, and prevention is always better than dealing with the aftermath.
Even if a company is not financially affected by these scams, its reputation can still suffer. Potential job seekers may associate the company with scams, despite the fact that the company is not at fault. Showing empathy and taking appropriate action when notified of a job scam associated with the company can help minimize the damage to its reputation.
While job scams continue to evolve and become more sophisticated, it is crucial for individuals and companies alike to educate themselves about cyber risks and take necessary precautions. Protecting oneself from cybercrimes has become an unfortunate reality in the digital age. As Friedlander emphasizes, cyber-risk may not be as tangible as physical risk, but it is equally important to address and mitigate.