The number of job adverts posted online is the highest since before the pandemic by over 150% (according to the ONS). As shown by the Office for National Statistics, there are more vacancies in the United Kingdom than ever before - ending the year with over 1 million. Such an increase in vacancies has flooded the market with job postings in various sectors.
Many cybercriminals are taking advantage of this increased activity and are creating fake job postings. These fake adverts aim to trick people into revealing personal/financial details or handing over money for phoney services.
Cybercriminals are taking advantage of the hot job market and injecting job listings that look like the original job posting. ZScaler has found that attackers scrape and reuse the contents of actual job postings to convince applicants the post is legitimate.
Some scams can gather personal information from a prospective applicant, asking for critical information like name, date of birth, address, and national insurance numbers, which they can use to impersonate you and commit other offences. In addition, personal information could be used for any number of nefarious purposes, such as taking over victims' accounts, opening new financial statements or using the victims' identities for other scams.
More sophisticated scams take it even further. For example, once a person applies to a fake job listing, the attacker will reach out via a source such as LinkedIn and start a seemingly realistic application process, gathering more personal information from victims as they go. The next stage is an attacker conducting false interviews or asking for money for an initial training package or starter kit.
In the UK, Cifas members recorded almost 158,000 cases of identity fraud in the first nine months of 2021, equivalent to one person every 2.5 minutes.
How can you Spot a Fake Job Advert?
Look out for these red flags:
Interviews are not conducted in person or through secure video conferencing applications
Potential employers require employees to purchase equipment or transfer money to the business as a fee
Potential employers requiring credit card information of employees
Potential employers are emailing from regular domain emails, such as @gmail.com or @yahoo.com
Non-standard domain names. Particularly: .online, .live, .xyz
Unsolicited job offers from companies with little to no presence on the internet
Job postings appear on job boards but not on their website
If you receive a job offer via SMS, report it to 7726
Advice for businesses Recruiting New Staff
As businesses continue to expand and grow, the need for new employees also increases. Unfortunately, with this comes the risk of cybercrime and fake job postings that can compromise a company's reputation and finances.
Three key ways businesses can protect themselves when recruiting new employees:
Remove old job adverts when they close
Use reputable recruitment tools, job boards and companies
Provide clear communication channels for applicants to contact your company
By following these steps, businesses can help protect themselves and their potential employees from cyber threats and reduce the risk of cybercrime. Companies can also stay vigilant and educate themselves about the latest scams and how to avoid them.
Talk to us about Security Awareness Training for your staff and our Digital Footprint Assessment for a more in-depth understanding of cybercrime prevention.
Searching for a New Job? Here's how to Stay Safe
Best practices while searching for a new job include:
Reach out directly to the company through official contact information to confirm the job listing
Only submit job applications through verified sources like the company's official website or authentic job boards
If you are unfamiliar with a company, Google search the company name with the keywords "fraud" or "scam". You may find stories or additional information.
Never make any payment for a job application or job offer
Be cautious of conversations with unofficial company email address