Lately, there have been a lot of reports from colleagues regarding job scams within the security industry with scammers posing as recruiters or hiring companies’ employees offering a job and requiring candidates to pay fees using the justification of a training costs, work visa, travel expenses, background checks, etc.
Keep in mind that there are many people desperate to get a job and support their families, as well as the fact that they are operating within an industry that in many countries has no standards and is not regulated by official governmental authorities. This leads to a trend of less than honest people who find an easy way to expand their fraudulent activities and rip off our colleagues.
‘’ Fake Job or Employment Scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals leverage their position as “employers” to persuade victims to provide them with personally identifiable information (PII), become unwitting money mules, or to send them money.’’ April 21, 2021, FBI Warns Cyber Criminals Are Using Fake Job Listings to Target Applicants’ Personally Identifiable Information
Types of known scams used against security professionals
• Advanced Fee Fraud or 419 Fraud
In the security industry, this is a form of fraud where scammers posing as recruiters or hiring companies’ employees offer you a job and require you to pay them some of the fees associated with training, work visas, travel expenses, running background checks, etc. Typically, they offer you a very attractive job placement, with good money and great benefits. Some of them can be monitoring your online networking profiles and can ‘’read’’ your work needs and offer you a package according to what they discover about you. When you put a ‘’Open to Work’’ banner on your LinkedIn or a post saying you are looking for a job, be sure scammers are monitoring you. After they contact you, they start extracting your personal information from you. What they hope to obtain is your full name, bank account details, PayPal information, Social Security Number, driver’s license, and generally any other information they can use to get money from you. After they have gained your trust, they tell you that you qualify for their job, but in order to proceed, you will need to send them some money for either visa applications or criminal background checks. Some of them will require you to join and pay for one of their training courses, seminars, or conferences to be considered for hiring.
• Employment/ Career scams
Employment and career-related scams include companies trying to sell you products or services attempting to collect your personal information to sell to a third party who will then try to market their products/services to you.
• Career Consulting Scams
You may be contacted by “career consultants” who are impressed with your qualifications and would like to represent you. In addition, you will have to pay for their marketing, resume writing, resume reviews, or other career-related services.
• Recruiting Scams
Recruiters may contact you saying that they have clients with positions that you could be qualified for, though they don’t have any current openings. However, they then offer training sessions to purchase that will enhance your candidacy. They want to sell you their products/training but there is no guarantee of any employment.
• Bait and Switch Scams
With this scam, you apply for a job, and you get called for an interview. During the interview, you discover that the job you applied for doesn’t exist (or all positions are filled), and the company tries to draw your interest to a completely different position. ‘’When a company is hiring for jobs that nobody wants, bad benefits, less money, or horrible working conditions, they believe they may be able to more readily convince someone to take the job if they discuss it with them in person, so they mislead you about one job until they get you in for the interview and then talk to you in person regarding the other job’’.
• Phishing Scams
In this type of scam, you get an email saying a company has clients with open positions that you could be qualified for, even sending you the description of what could be a legitimate job opening: “Your online resume has recently come to my attention. I am impressed with your qualifications. A client of mine needs to fill an opening, and because of your previous experience in the executive protection industry, I believe you might be a solid match. In order to see the full job description, just click on the link below or paste it into your browser’s address bar.” Sometimes you are also given a code to enter. What’s happening is this: You are directed to a link on a website, where you fill out a form with your contact information and other personal information. This is an attempt to collect your personal information, either to sell your services or information to a third party or, even worse, you just opened your door to a virus being downloaded to your pc. If any links are sent to you by a potential threat actor, search for them on urlscan.io. This website may indicate whether it is malicious.
Other common scam tactics to look out for:
• Is there a sense of urgency? If yes, consider it a red flag. Legitimate companies and recruiters won’t push you to accept a job offer in an urgent manner.
• Pay attention if they are using attractive words and offering you the job of your dreams.
• Be careful if you get asked to pay for any equipment and send it to the address they require for ‘’software installation’’.
• Even if the company exists and they have a registered domain and a website up and running, you are emailing back and forth, and after some time, they ask you to pay them…stay away!
• If a recruiter asks to divert the messages to an encrypted application like WhatsApp, Skype, or Telegram, this is of concern and could be indicative of a scam.
For example, view the job application scam below, derived from Reddit. (https://www.reddit.com/r/Scams/comments/wnsl67/this_is_a_scam_right/ ).
• If you have only spoken to one person in the company over the phone and have yet to meet or view anyone face-to-face (even virtually), this could be a scam. Most interviews have several individuals present at the interview stage or in the second round of interviews.
• Scammers may primarily use phone calls and messages as a means of communication, especially if they are impersonating a CEO or recruiter online. It would be worthwhile to ask for a video chat instead, so that you can cross-reference the images online to the person you are speaking with. There has also been an increase in deepfakes used in video chats like zoom, with a recent article recommending that you ask the individual to turn their head to the side to determine if they are using this technology to impersonate others.
‘’According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million. In 2020, Texas reported 1,720 victims reported $4.5 million in losses. There were 69 victims in El Paso totaling $721,600 in losses. As of March 5, 2021, 2,349 victims had already reported $5 million in losses nationwide, 244 victims in the state of Texas with a loss of $1.5 million. In El Paso, there were eight victims reporting $31,928 in losses. Midland/Odessa reported 10 incidents in 2020 totaling $71,500 and zero complaints in 2021. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores.’’ Read the full press release here.
How to validate a recruiter?
When you want to properly validate a recruiter or a company employee, there are some simple steps to take where you can put your open-source intelligence (OSINT) skills to the test. You can gather information on the company that they claim they represent. It will probably take you a few minutes to get the general idea by searching online public sources. Start by looking carefully at that person’s LinkedIn account because, in this day and age, almost every professional has one. Do they have any activities (comments, posts, articles), or do they have any recommendations? Does their profile look real? Note that if the recruiter has a premium LinkedIn account, that does not mean that they are not a scammer. Look through their followers/following, see if there are other individuals in that company and whether these profiles look real, because if not, that might be a red flag.
- Conduct OSINT on the recruiter/individual if you have suspicions. Unfortunately, scammers use common names to make this process difficult, so look for any identifying factors you can find on their LinkedIn. For example, if George Smith from Greece is offering you a role, you can do a Boolean search on Google with the following: “George Smith” “Greece”, or “George Smith” “Company”. Look for their other social media profiles and their digital footprint. If no results show, that may be of concern.
- Do a reverse image search on the profile picture, this can be done by saving/downloading and uploading the image into a search platform. It is helpful to use different platforms as this can generate different results, including Google, Yandex, Tineye etc. If the image search does not provide any results, question yourself if the image convinces you. For example, would a woman with very provocative attire work for a professional law office or banking institution? Challenge your gut. It is also worthwhile to become familiar with deepfake images of people who don’t exist from the website thispersondoesnotexist.com, and to understand their features, as a profile image on LinkedIn could be derived from this website.
- Do research on the email provided/linked with their account. Does the recruiter’s e-mail address match the name of the company? Typosquatting is a term for a social engineering attack that uses misspelled domains in email addresses, so double check the spelling of the company. Is it a personal e-mail address? Search the email address in Google and Epieos, and see what results are found. Companies never use free email provider services like yahoo, Gmail, etc., and they are very easy to create. Say, for example, someone is presented themselves to you as Mr. John Adams, recruiter of our company LeMareschal, and the e-mail he provided you was: firstname.lastname@example.org, he is a fraud!
- Additionally, when receiving an email, it may appear as “Amazon” for example, but ensure to also look at the email itself to examine the domain and email stem (eg. John.email@example.com). This is another known phishing tactic scammers use.
- If they give you a phone number, do some research on that too. Even a simple Boolean search may showcase other posts by victims stating that they have been scammed. If you feel comfortable, call them and ask relevant details questions about the role, see if they know the answers.
For OSINT beginners, OSINT FRAMEWORK can be a great place to start with. It is a collection of OSINT tools to make your data and intel collection task easier and faster. The tool is used mostly by security researchers.
How to validate a company?
• Does the company exist? Where is it registered? Does the company operate in the country of your recruiter?
• Who runs the company?
• Do research on the company’s reputation on the web, forums, etc.
Some scammers will use a name for a fake company that is very similar to a real company, so when you do your research or ask around about the X investment or IT company, people will tell you it does exist. Some will go to great lengths and create an actual website and have a registered domain (in most cases, they have it under a private registration). OSINT searches of the company, and deep diving into the company website can be valuable, we recommend you do the following:
• Check the domain name by placing the company website in the Domaintools Who Is Lookup website, see who the registrant is, when it was last updated, and if it matches the company’s name. Is the website up and running or does it lead to an ‘’under construction’’ page?
•To search for the business website IP address, place the website into VirusTotal and the details section will provide you with an IP address (a string of numbers). You can then search for the address through IP Address Lookup, and it will provide you with a location (https://whatismyipaddress.com/ip-lookup).
• Look up the company website using waybackmachine, to see previous versions of the website, are there notable changes to the contact details, location, names, design or the about section?
• Several companies have social media profiles. Look into the differing profiles they may have, when were these profiles last active/created? Look into the history of the profile, the spelling of posts, terminology used and if the posts correspond with your knowledge and thoughts of the company.
• Pay attention to the company name and the job they are offering. There are only a few major and well-known companies that hold ‘’good positions” especially overseas.
• Look for individuals on LinkedIn who are currently in that specific role or team, inquire about the role and ask questions. They may even reveal that they are not in the process of hiring at the moment.
• Start asking your colleagues and your network contacts if they know or they have heard anything about the company and the person who contacted you. Raise questions asking for more information about them in security-related forums and networking places, and then carefully evaluate every answer you get.
• Keep a record (Excel works fine for this) with companies you have applied to before, so if you get contacted by a company you haven’t applied to, they may be frauds, and they probably got your e-mail information from different forums or networking places. How many cases do you know where people were contacted out of the blue by the hiring companies asking them to apply for a position with them?
• If they are claiming the company operates in a foreign country, call the embassy in that country, and ask them. The consulate office registers every company originating in its own country operating overseas (especially when it comes to security and protective services).
How to run a simple and quick background check on a business?
1) Use the free web tools (search engines, http://www.ripoffreport.com/, Company’s pages on Linkedin, Twitter, Facebook)
2) Use Government Agency Resources (public records, court cases, business state registration and licensing, www.brbpub.com, Chamber of Commerce www.worldchambers.com, Export Bureau International Fraud Report http://www.exportbureau.com/fraud_report.html
3) Best Business Bureau http://www.bbb.org/ (Better Business Bureau makes company information public to consumers and applies an A to F grade to each company. Their core services include business ethics, truth in advertising, fraud prevention, consumer education, business education, and dispute resolution between consumers and businesses.)
4) Start looking for an online reputation, complaints against it, credit history, and legal background. The most innovative company to provide business information is Dun and Bradstreet, which created a DUNS number–a nine-digit identification number- http://www.dnb.com/
5) Determine what industry the business falls under and conduct a search for the governing agencies.
6) Search county court records, including property tax records. Your county court has public records available to search the company and its principals if they are involved or have been involved in a lawsuit.
7) Get a business credit report and background report (available from Dun and Bradstreet, Experian, Smart Business Reports, Equifax, and Lexis Nexis, fees range per report).
8) For foreign companies you can use www.skyminder.com (which supplies online credit and business information on more than 50 million companies in 230 countries).
Sometimes when you investigate people, the information will lead you to companies, and when you investigate those companies, your information will lead you to individuals, always compare and run information on both. Make sure you NEVER provide them with your personal information!!! If you don’t know someone or can’t check on them, do not give them any of your information!!!
What to do if you run into a job scammer?
1) Do not reply to their e-mails or texts.
2) Do not give any of your personal information.
3) Do not send any payment or buy anything for them.
4) Inform your colleagues/networking contacts for that company/contact.
If you still don’t know and need help, reach out to us!
By Denida Grow
Bio: Venessa Ninovic is an Intelligence Analyst working in law enforcement and has experience investigating fraudulent activity and threats online. In her spare time, she writes blogs about OSINT/SOCMINT, and intelligence analysis, sharing her knowledge to give back to the community.
You can follow Venessa’s blog here & follow her on Twitter @intel_inquirer