Social Engineering Job Scams Continue

June 1, 2024

The NJCCIC continues to observe social engineering schemes targeting individuals seeking employment, often referred to as job scams. Increases in layoffs and job cuts exacerbate this issue; layoffs in the financial sector alone increased roughly 419 percent in the first quarter of 2023 compared to the first quarter of 2022. Cybercriminals can more easily target individuals who declare they are seeking employment via social engineering platforms. Additionally, solely using online forms of communication throughout the hiring process makes it more difficult for individuals to identify red flags.

In these job scam schemes, cybercriminals target job seekers by creating and posting fraudulent job postings or profiles through trusted professional online employment boards and websites, such as LinkedIn, CareerBuilder, Indeed, and Monster, or via social media platforms like Facebook. Threat actors impersonate legitimate recruiters and employers, spoof company websites, and directly communicate with targets through email, social media, or SMS text messaging. Once contact is established with a job seeker, the cybercriminal will often request personal, account, and/or financial information as part of the application process with the intent to obtain personally identifiable information (PII), gain unauthorized account access, or steal funds, which may result in identity theft.

Examples of job scams include work-from-home or remote work, nanny, caregiver, virtual personal assistant, mystery shopper, job placement service, and government or postal positions. In a recent incident reported to the NJCCIC, an individual was initially contacted via Facebook for a data entry job posting. The individual requested a Zoom call, but the hiring manager declined the call and requested that further communications and the interview be conducted via Telegram. During the Telegram call interview, the hiring manager requested the applicant’s PII, including a photo of the front and back of the individual’s driver’s license, and then instructed them to open a Green Dot Visa card for direct deposits. At this point, the individual became aware that this could be a scam and ceased communications.

Red flags indicating a job opening or offer may be a scam include vagueness from the employer or hiring manager about the position; the job sounding “too good to be true”; upfront requests for personal and financial information, such as Social Security number, driver’s license number, or banking information for direct deposits; requests for money prior to receiving a job offer; a sense of urgency to respond or accept a job offer; and the use of unofficial communication methods, such as personal email accounts, non-company email domains, and apps such as WhatsApp, Signal, or Telegram.

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Job seekers are advised to examine potential offers by contacting the company’s human resources department directly via official contact information and to research potential employers and businesses online to determine if others have reported a scam. To ensure the visited websites are legitimate, navigate to websites directly for authentic job postings by manually typing the URL into a browser instead of clicking on links delivered in communications. Additional information on job scams can be found on the Federal Trade Commission (FTC) website.

If victimized, report the scam directly to the respective job board or organization, the FTC, and the NJCCIC. If PII compromise is suspected or detected, contact your local law enforcement department. Review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes and enabling multi-factor authentication (MFA) on accounts.

For any further questions, contact us here at Cyber Command.