How recruiting scams are evolving and escalating

The past two years saw the balance of power shift from employers to applicants as the labor market, flush with job openings, disrupted the dynamic. But just as avenues opened up for applicants, opportunists pounced, impersonating recruiters and hiring managers in an effort to steal applicants’ money.

Employment scams skyrocketed in the latter part of 2020, peaking with 21,832 reported in the third quarter of 2021, according to Federal Trade Commission data. The Better Business Bureau’s 2021 Scam Tracker Risk Report found employment scams were the third-riskiest category tracked by the watchdog group that year. The BBB estimated 14 million people in the US and Canada are targeted annually by employment scams, resulting in $2 billion in damages, according to a 2020 survey of 10,670 people who reported incidents.

Scammers deploy a range of tactics, from creating fake job boards with seemingly authentic company branding to issuing fraudulent checks meant to reimburse candidates for purchasing work equipment from phony suppliers. The goal, almost always, is to bilk unwitting job-seekers, Josh Yavor, CISO at cloud email-security platform Tessian, said.

They are “fraudulently impersonating employers, or parties affiliated with employers, in order to achieve their goals, [which are] usually some sort of financial reward, by being able to trick people into transferring money…or by compromising further accounts or being able to achieve identity theft,” said Yavor. This presents headaches for HR and IT teams intent on ferreting out bad actors.

HR should publicly share their hiring processes and policies so that applicants aren’t taken for a ride, Yavor explained. As phishing scams grow more sophisticated, this question will underscore the candidate-recruiter dynamic: “How do you build and establish trust when mutually, on both sides, [they’re] starting from a point of generally little to no preexisting relationship?”

A vulnerable target. Earlier this month, LinkedIn messages from applicants began trickling into Talie Schwager’s inbox, informing her that her company, CoinDesk, was offering jobs for positions “we are not actively recruiting for,” she explained. As the company’s VP of people and HR, she was taken aback.

She said the attackers created a fake CoinDesk jobs site and sent out emails, ostensibly from her, advising candidates to “complete your career application form on our official website for proper enrollment into our system using the link provided below,” according to a fraudulent email shared with HR Brew. CoinDesk’s security engineering team eventually took the fake jobs site offline, Schwager said.

Job candidates are targeted because they “are in a vulnerable position,” Yavor said. “There’s absolutely motivation on their end to lower their guard a little bit and click more links and believe more emails and open more files.”

For recruiters inundated with messages from candidates who’ve been targeted—or worse, swindled—it can feel disheartening. “I felt really guilty and bad that this was happening,” Schwager said, ”If you’re getting a job offer, and then you start putting the wheels in motion to leave your current job, that’s a really tough spot to be in.” She responded to the queries and advised candidates not to share any personal information.

Evolving threats. An employment scam can become a moving target as criminals evolve their deceptive practices, Yavor explained. A 2021 survey of 1,000 enterprise IT professionals in the US, UK, France, Germany, Australia, and Japan by IT software company Ivanti found 80% have noticed more phishing attempts hitting their companies, and 85% said attempts are getting “more sophisticated than ever.”

The scope of methods can vary, and one common caper is getting candidates to purchase equipment. Yavor explained scammers will subject candidates to a quick online interview—often written, as these are lower-risk than video—swiftly followed by an offer and instructions to purchase equipment through a fraudulent online retailer. Their money disappears and no equipment arrives.

Sometimes the ploy involves fake checks, said Susan O'Driscoll Cuomo, VP of information and investigations at the BBB of Metropolitan New York. They’re meant to reimburse candidates for equipment, such as laptops or cameras.

“The check generally bounces after a few days…At that point, the consumer may have purchased the items and sent them along to another party. Then the consumers are out their own money, face problems with their banks such as overdrafts and account closures, and of course, the potential for ID theft,” she explained in an email.

What can HR do? HR can mitigate the threat of employment scams by ingraining a sense of trust in recruitment initiatives, Yavor and Schwager maintained. Publicizing where jobs are—and aren’t—listed, said Schwager, is a good place to start. So is “communication around what can and should happen and what should never happen in terms of candidate experiences,” Yavor explained. Procedurally, he said, employers can ensure “all candidate communication will come from the company itself and that they don’t use recruiting partners or search firms,” adding that “companies can provide a point of contact where candidates can verify and validate that the communication that they received is actually from the company.”

Also worthwhile: Noting on an official jobs page that scams are out there. “We do have some responsibility to help people become aware, especially if we have awareness that these things are happening,” Schwager said.—SB

Do you work in HR or have information about your HR department we should know? Email [email protected] or DM @SammBlum on Twitter. For completely confidential conversations, ask Sam for his number on Signal.