Cybercriminals are using job search tools like LinkedIn to access the personal data of thousands of users. This is why it is so important to know how to identify and protect yourself against this threat.
Every day more than 500 million people use the LinkedIn platform to share content, follow companies, and look for work. It is also quite common – and can be risky – for users to accept invitations to connect with complete strangers.
Cybercriminals are exploiting this habit and posing as human resource recruiters in order to obtain significant volumes of personal data, such as email addresses, telephone numbers, or mailing addresses, which can then be used to sell on the black market or to commit identity theft.
Social engineering is the key to ensnaring victims
Perpetrators tend to draw on social engineering (scamming and manipulation techniques) in order to take advantage of the victim’s need for work or circumstances of unemployment. A method they use consists in publishing fake job offers on LinkedIn or sending email messages with malicious links that redirect to fake web sites where, once the user accesses the site, he or she is asked to fill in forms with their personal data. Visually, these fraudulent portals tend to be very similar to the sites they are impersonating thus making it very difficult for a user who isn't fully alert to detect the scam.
How to identify this type of fraud?
- Be wary of profiles without a photo and don't blindly trust those profiles that have photos: often the photos that are posted come from image banks and are the profile pictures of other social network users.
- Look at the contacts of the person or entity that has sent the notice.
- If you receive an offer through LinkedIn, by email, or Whatsapp, search the Internet for the name of the contact to verify that the contact details and/or photo corresponds with the profile data.
- If you cannot find any information on the Internet about the existence of this person or business, it is mostly likely a scam.
- If the contact relates to a known person or company, but there is still something suspicious about the situation, call or use another mode of communication to verify that the offer has come from who it says.
Following this advice will help you avoid possible scares. An example comes from Arantxa, a Twitter user who was suspicious of a job posting when she was asked for 20 euros to attend the job interview. She decided to use a different channel to contact the company’s official offices and discovered that the job advertised was a scam.
- Be especially wary of messages that describe the position as "a once in a lifetime opportunity that can’t be passed up." Fraudulent job postings tend to offer exorbitant salaries or ones that aren't commensurate with the position on offer.
- Also be leery when you see spelling mistakes or a poorly written message. Remember that a real company will use professional writers and translators, people who can write well in whatever language is required.
- Check to see if the wording of the job offer has been plagiarized. Copy and paste the text into a search engine. In doing so, you might find other users who have fallen victim to the same scam.
- Be particularly on guard when it comes to job offers from overseas.
- Also, don't trust the offer if you are asked to make a call to a high-tariff number.
- Be suspicious if you are guaranteed the job without even being asked to go in for an interview.
- Remember: no company would ask you for money to participate in an interview or be considered as a job candidate. If someone asks you for payment or to make a transfer for any reason, it is very likely you have encountered a scam.
Obviously, be wary of emails or social networking sites that offer easy money for doing absolutely nothing from the comfort of your home. On the Internet, just like the brick and mortar world, when something sounds too good to be true, it usually is.
What should you do if you discover a fake job offer?
- Don’t answer suspicious messages or emails, don't open attached files or documents, and don’t click on any links in the message.
- Never provide personal data like bank data.
- Do not, under any circumstances, make deposits to accounts they have provided you.
A good example is from a user who received a job offer for her dream job. She was, however, asked to pay the costs of processing a visa to a lawyer for the supposed company. They promised that this money would subsequently be repaid. This is a particularly elaborate scam; the perpetrators managed to impersonate the company by copying their corporate logo and using a domain that was almost identical to the real one: instead of “petroleum” they used “petoleum:” email@example.com).
- Use the web site or appropriate social media network to report the scam. If you received a fraudulent job posting via LinkedIn, click on the ellipses (...) and choose “Report / Block”, choose the option that best fits the scenario, and hit “Submit."
- Let your contacts know what happened so they do not fall for the scam.
- Do a little “egosurfing” (looking yourself up on the Internet) to check to see if your data is being used illegally online.
- If you find information that you don't like, you can ask them to delete it, citing your legal rights, by following the guidelines provided by the data protection agency per country.
- If you have been the victim of a scam, you can lodge a report with the authorities of the respective country.
In short, just like in the real world, it is advisable to be cautious about accepting contact from online strangers and believing what they are offering. Keep these tips in mind and you will improve your ability to identify Internet scams, in addition to helping you keep your personal data safe.