How many ways can you get scammed online? From spam emails to crypto scams, scammers create many opportunities to obtain your information and commit identity theft. One of their tricks is to pretend they want to hire you for a job.
Job seekers are particularly vulnerable to identity theft schemes. You have to give all sorts of information about yourself before you can even get an interview. According to the FBI, scammers take advantage of job applicants by creating fake job postings to phish for personal information. Scammers then use the data they collect to commit identity theft.
Does a job offer seem suspicious to you? Your intuition may be correct. Victims have reported an increasing number of FBI hiring scams since 2019. According to the agency, the average loss reported was nearly $3,000 per victim in addition to damaged credit scores.
Here’s how the scam works: Criminals create fake websites, often with stolen graphics of company logos to make the site look legitimate, to harvest information about job seekers. The scammer’s post links to these phishing sites on well-known job boards. Job seekers fill out forms with key information such as addresses, phone numbers, social security numbers and work history. In some cases, scammers even contact victims and ask them to prepay for background checks, job training, or supplies. Once the scammers receive the money, they disappear.
Job posting scam indicators
Suspicious interview tactics
In-person interviews aren’t always an option, so video calls are the best bet. If the employer isn’t using a company email address or verifiable phone number to schedule and conduct a video call, this may be a red flag.
If the potential employer asks you to pay at any stage of the hiring process, it’s probably a scam.
Credit card inquiries
Employers don’t need to know your credit card number to see if you’ll be a great employee. Avoid anyone who asks for this information.
Recruiters or hiring managers who have blank or empty profiles on job networking sites, or whose profile information does not match their roles
For example, the recruiter for a Chicago-based software company shouldn’t have the profile picture, description, and credentials of a Malibu yoga instructor.
How to stay safe while job hunting
The FBI offers seven tips to help job seekers avoid phishing scams:
Research the employer online before applying for a job to ensure that the company and the job are legitimate.
Does the company exist? Does the recruiter or hiring manager listed on the job posting work for this company? Does the job ad link to a secure web address beginning with https://? If one of the answers is no, run away!
Check job postings found on networking sites and job boards.
If you found the job posting on a third-party job site such as Indeed.com or LinkedIn, check to see if the same job is also listed on the company’s website. Not all employers host their own page with job postings, but many do. If you don’t see a job listed there that you’ve seen elsewhere, take that as a red flag and keep looking for others.
Do not provide your bank details until you have been hired.
Scammers may ask for money or bank account information during the interview. A legitimate employer won’t ask for your bank details until you’ve signed a contract and set up direct deposit, and even then they’ll ask you to verify only the bank name, account number, and account number. routing number or SWIFT code, but never your online banking username and password.
Confirm the employer’s identity with an in-person interview or video call.
Do not accept a job only by e-mail, by phone or through a chat application.
Never send money to anyone you meet online, especially by bank transfer.
Again, scammers may try to charge you for supposed training fees or background checks. A legitimate business or employer will not make such requests.
Do not share your social security number or other personal identification with third-party job search apps or networking sites.
Do not enter sensitive information into online web forms on third-party job search sites.
If you enter your social security number online, make sure the site is secure. Check the web address for “https://”
Only enter this information after you have contacted a human in person or via video call.
Remember, if you have any doubts about the legitimacy of a job offer, take the time to research the company, recruiter, or hiring manager online. A few minutes of Google research can save you money and credit problems in the future.
Do you like what you read ? You’ll love having it delivered to your inbox every week. Sign up for the SecurityWatch newsletter.
How to tell if your security software is working
You probably haven’t thought about your security software or antivirus since the day you installed it. Does it work? PCMag’s Chief Security Analyst, Neil J. Rubenking, has compiled a list of ways to make sure you’re getting the protection you want. Here are some highlights from this article:
Update your antivirus
Open your anti-virus software and address any messages about updating databases, or click the Update command. Consider enabling automatic updates for your security suite if you don’t already.
Evaluate your software
Are you using the best antivirus, password manager, parental control software or VPN? Not sure? Check out PCMag’s reviews for our Editors’ Choice picks in each category.
Test your antivirus
Most people don’t have malware on hand to test their security software with. The EICAR site can safely test your computer’s malware protection. If your antivirus is working, you should not be able to download the fake malicious file from the site.
Check your VPN connection
Every time you connect to a new VPN server, check if your real IP address remains hidden. Go to DNSLeakTest.com without the VPN running and write down your real IP address. Activate the VPN and return to the site. If you see the same set of numbers, disable the VPN and uninstall it as it does not hide your IP address.
What else is going on in the security world this week?
DHS reveals first cybersecurity review board in the United States. First order of business: a report on vulnerabilities discovered in the Log4j library in 2021.
Recommended by our editors
‘Silent AirTags’ with Pop Up Removed Speakers on Etsy, eBay. Silent AirTag listings and online guides say silencing the speakers prevents thieves from finding them on stolen items, but privacy advocates have issues with harassment.
Mozilla combines multi-account containers with its VPN service. Mozilla has married two of its privacy-focused tools: Multi-Account Containers and Mozilla VPN.
NordVPN’s parent company merges with VPN provider Surfshark. Both VPN providers say they will continue to operate independently and will not share IT infrastructure.
Google is bringing its VPN to iOS devices. The VPN with the descriptive name of Google One is now available on Apple smartphones.
Do you like what you read ?
Register for Security Watch newsletter for our top privacy and security stories delivered straight to your inbox.