The FBI’s Internet Crime Center (IC3) warns that scammers are exploiting verification weaknesses on employment-focused networking sites to post legitimate-looking ads, capture personal information and steal money from job seekers. ‘use.
Scammers “continue to exploit security vulnerabilities on recruitment websites to post fraudulent job advertisements to trick applicants into providing personal information or money”, FBI warns in new public service announcement.
Fake advertisements threaten to damage the reputation of the impersonated company and the financial loss of the job seeker.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
According to complaint reports from IC3, the average loss reported under this scheme since the start of 2019 is $3,000 per victim.
In a notable scheme, the attackers used a real company account on a job-focused networking site to post fraudulent job vacancies.
“The lack of strict security verification standards on a recruiting website allowed anyone to post a job on the site, including on official company pages,” the FBI notes.
“These postings would appear alongside legitimate job postings posted by the company, making it difficult for applicants and the impersonated company to discern which job posting was genuine and which was fraudulent.”
The FBI does not disclose which site lacks verification checks. However, BleepingComputer reported in August that a feature on LinkedIn allowed anyone to post a new job from a known brand’s account without providing verification. In addition, the administrators of the company account could not delete the fraudulent job offer.
Microsoft-owned LinkedIn last week published its latest transparency report, highlighting the number of fraudulent posts and fake accounts removed in the six months to June 30, 2021. It says its automated defenses blocked 97.1% of all fake accounts during the period, or 11.6 millions of fake accounts blocked during registration. However, some 85,700 accounts were blocked after users reported them.
It also proactively removed 66.1 million spam and scam content on LinkedIn, but removed 232,000 pieces of that content after members reported it.
According to the FBI warning, the scammers also replicated legitimate job postings, changed contact information, and then posted the now fraudulent job posting on other networking sites,
Scam job recruitment advertisements borrow a lot of real information from spoofed recruitment companies, including fake logos, images, email addresses and websites. In some cases, scammers use the names and positions of actual company employees to improve online impersonation, then use these impersonated identities during the paid interview and hiring process. The FBI cites three examples of such scams in the past year where real employee names were used.
As the The FBI warned in 2020, fake job scams are an old thing, but online recruiting and teleconferencing apps have made it more lucrative and easier to create fake interviews. Stolen personal information is used to take control of a victim’s financial accounts, open new accounts, or use them to obtain fake driver’s licenses or passports.
Victims are often offered work-from-home jobs and given a bogus employment contract to sign, then asked to provide driver’s licenses, social security numbers, direct deposit information, and credit card information. Victims are asked to prepay for background checks, job training and start-up supplies and are told they will be reimbursed on their first paycheck. Once the victims have paid, the scammers disappear.