ITRC Finds Online Job Scams on the Rise
The Identity Theft Resource Center (ITRC) reported a surge in online job scams targeting unsuspecting job seekers for their personal information.
With 492 victims assisted in 2023, up from 226 in 2022, the alarming trend shows no signs of slowing down.
The number of reports continues to spike: January 2024 alone saw 95 reported victims of job scams, a 545% increase from December 2023.
Eva Velasquez, president and CEO of ITRC, explained that identity criminals are leveraging the trust of existing legitimate platforms by contacting job seekers on platforms like Indeed and Craigslist.
“They are telling job seekers they were scouted for jobs on LinkedIn,” she said. The criminals then ask for sensitive personal information like Social Security numbers, driver’s license numbers, ID.me login credentials and much more, then proceed to use that information to commit an array of identity crimes.
Another tactic is using a posting from a legitimate company and the name of a legitimate HR or hiring manager at that company and then “recruiting” candidates.
“While the call or text does not originate from the company, when a would-be job seeker does their due diligence, they will see the posting and assume it’s real because they don’t understand that while the posting and person are real, the person contacting them is not affiliated with the company,” Velasquez said.
Cybercriminals Also Work From Home
The report noted that remote work has made job scams much easier because there are more legitimate remote work offerings in the job market.
“Many legitimate job interviews happen online or via phone,” Velasquez said. “In other words, it allows identity criminals to take advantage of the work-from-home perks.”
One specific tactic reported by the Federal Trade Commission (FTC) is that criminals are taking outdated ads from real employers, changing them and posting them on websites.
Darren Guccione, CEO and co-founder at Keeper Security, said the significant surge in reported incidents of online job scams, as highlighted by the ITRC, reflected the growing sophistication and proliferation of identity criminals.
“Fake job postings targeting job seekers, involving deceptive listings on legitimate platforms or job websites that are entirely fraudulent, are used to lure in unsuspecting individuals with seemingly genuine opportunities,” he said.
Phishing emails are another common strategy: criminals pose as reputable recruiters or hiring managers and use malicious links or attachments to extract sensitive information or install malware on a victim’s device.
Leveraging Brand Trust
The impersonation of well-known companies is a key tactic, leveraging trusted brand names to exploit the inherent trust in established organizations.
Once cybercriminals have lured in their target, they are able to steal account credentials and obtain sensitive personal information.
“All this information can be used to steal the target’s money, steal their identity, sell the information on the dark web or launch secondary attacks,” Guccione warned.
Velasquez said the most important thing to remember is that, once you find a job posting, you should be careful how much personal information you share, at least during the application period.
“It is a big red flag when someone asks you to download a separate third-party app to communicate or if the interview is done via email or text,” she said.
Personal information that should not be given away includes a Social Security number, driver’s license number, financial information or ID.me login information.
“Also, do not log into an ID.me login made for you,” Velasquez cautioned. “Numerous federal and state agencies use ID.me to verify the identities of registrants.”
Sharing this information or uploading information to an account set up for you allows a thief to pose as you with this login.
Other tips to avoid an online job scam include knowing the source of the job listing and not sending money to your “new boss.”
Guccione said phishing emails tailored to remote work scenarios have become increasingly popular. By impersonating recruiters, HR professionals or hiring managers, bad actors can send deceptive emails that contain malicious links or attachments.
“These phishing attempts aim to capitalize on the trust that job seekers place in remote communication channels, leading to the disclosure of sensitive information or the installation of malware on the recipient’s device,” he explained.
Like all scams, job scams are ever-evolving, and as technology and working conditions change, identity criminals will adapt their schemes to take advantage.
“We saw it firsthand once COVID-19 forced nearly everyone to work from home,” Velasquez said. “While this does not apply to only job scams, artificial intelligence also has made it harder to spot malicious emails.”
She said everyone should proceed cautiously when they receive messages they are not expecting, regardless of how legitimate they seem.