Sign up to our newsletter
The latest security news direct to your inbox
Job scams are a permanent fixture in cyberspace. Anyone who has posted their resume online has offered cyber gangs two crucial pieces of information – one, a way to contact them, and two, the fact they’re in need of a job.
Scammy offers can arrive via spam email, via actual ‘snail mail’, or increasingly via LinkedIn, where jobs which seem too good to be true are offered up by attractive female recruiters, as reported by We Live Security here. The jobs are, of course, too good to be true, and are in fact the first stage of an identity theft attack.
Bogus LinkedIn invitations have become a key tool for phishers - but even within the site, you can’t trust every invitation, especially when it comes to job offers.
ESET Senior Research Fellow David Harley says, “At a time when the global economy is in crisis, there are all too many people solving their own employment and financial problems by scamming the unemployed, and job scams are an obvious way of grabbing their attention.”
London’s Harrods is one of the best-known luxury stores in the world – so alarm bells should have rung when it postted job adverts via free classified site Gumtree, where data entry jobs outnumber jobs in banking two to one. For many, it didn’t, though, and thousands of victims clicked a link which installed malware on their computer, netting a gang of cybercriminals millions, according to the Daily Mail’s report.
ESET Ireland reported on a rash of emails, distributed as spam, but with official-looking company logos and applications – most of which required data which would be highly useful in banking scams or identity theft. Others seemed to be genuine job offers – ‘jobs’ as money mules, the bank accounts through which cybercriminals move and launder their profits. ESET Ireland warned, “Needless to say, the golden rule ‘If it sounds too good to be true, it probably is’ should be applied rather vigorously to most, if not all, such emails. The only goal of the cybercriminals is to make money. Any offers they make, any promises or good deals they offer, all serve their main purpose, to get to some of your money and make it theirs.”
Claudine Bodin, a communications manager from Canada, says on a LinkedIn forum that she received bogus job offers via LinkedIn where the interviews were to be conducted via Yahoo Instant Messenger. “I was not the email recipient,” says Bodin, “but rather the email had been sent to ‘undisclosed-recipients'”. Googling the companies, she found they were disreputable high-pressure sales firms – and stayed firmly away, warning others, “Do not waste your time. When you post a resume online these scavengers will find you.”
One fake job advert offfered tantalising hotel jobs in Canada: “I am Miss Eliza Johnson from Canada, am The Manager Of Travelers Inn Hotel, The Hotel Need Man And Woman Who Can Work And Live In Traveler Inn Hotels here in Canada.” ESET’s David Harley warns in a detailed blog post on job scams that if the scammers can’t be bothered even to make up details such as whether they are recruiting cooks or chamber maids, “the jobs probably don’t exist.”
The job of ‘mystery shopper’ sounds faintly fictional, but it is real – ordinary people paid to pose as shoppers and report on their experience. ESET Senior Research Fellow David Harley says that such jobs are commonly used in scams – and offers should be treated with extreme caution, even when the scammers offer a cheque up front.
In a post explaining one such recent scam, Harley writes, “Mystery shopper jobs exist, but mystery shopper scams are probably far more common, and victims may lose thousands of dollars, according to the Better Business Bureau. There are no free lunches: jobs that offer lots of money for people with no skills for doing not very much are very suspicious indeed. $600 an hour? I wish I earned that much… In fact, you’d be doing well to get much more than $100 a day for a mystery shopper job. A typical scenario with this kind of scam is that the scammer sends you a cashier’s check to cover your expenses for testing a service, and requires you to wire the money to them within a short time. However, as previously discussed on this blog concerning a different scam, it can take a week or more in the US before a cashier’s check shows up as forged, and the scammer will pressure you to wire the money long before that. When the bank realizes that the check is worthless, you – the aspirant mystery shopper – will be held responsible and charged by the bank for the amount the bank has lost.”
Author Rob Waugh, We Live Security