DOJ Warning to Job Hunters

10068499668?profile=RESIZE_400xThe US Department of Justice, FBI's Internet Crime Center (IC3) is warning that scammers are exploiting verification weaknesses in job-focused networking sites to post legitimate looking ads, capture personal information and steal money from job seekers.  Scammers "continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," authorities warn in a new public service announcement.  See:

The bogus ADs threaten to damage the impersonated firm's reputation and financial loss for the job seeker.  According to IC3's complaint reports, the average reported loss from this scheme since early 2019 has been $3,000 per victim.[1]

In one notable scheme, attackers used a real company account on an employment-oriented network site to post fraudulent job postings.  "The lack of strong security verification standards on one recruitment website allowed anyone to post a job on the site, including on official company pages," the DOJ notes.    "Those postings would appear alongside legitimate jobs posted by the business, making it difficult for applicants and the spoofed company to discern which job posting was real and which one was fraudulent." 

The US government cyber hunters do not disclose which site lacked verification checks.  BleepingComputer reported in August that a feature on LinkedIn allowed anyone to post a new job AD from the account of a known brand without providing verification.  To add to this confusion, authorized personnel of the company account could not take down the fraudulent job ad(s). 

Microsoft-owned LinkedIn recently published its latest ‘Transparency Report,’ highlighting how many scam postings and fake accounts it took down in the six months to 30 June 2021.  It claims its automated defenses blocked 97.1% of all fake accounts during the period, amounting to 11.6 million fake accounts stopped at registration.  However, some 85,700 accounts were stopped after users reported them.  It also proactively removed 66.1 million spam and scam pieces of content on LinkedIn, but removed 232,000 pieces of such content after members reported them.  Scammers also replicated legitimate job postings, changed the contact information, and then posted the now-fraudulent job ad on other networking sites.

The job recruitment scam ADs borrow a lot of real information from impersonated hiring firms, including logos, images, email address and spoofed websites.  In some cases, the scammers use the names and positions of actual company employees to improve online impersonation and then use those borrowed identities during the fee interview and hiring process.  Three examples of these scams over the past year where real employees’ names were used.

Fake job scams are an old trick, but online recruitment and teleconferencing apps have made it more lucrative and easier to create false interviews.  Stolen personal information is used to take over a victim's financial accounts, open new accounts, or use it to obtain fake driver's licenses or passports.

The criminal strategy is as follow: victims are often offered work-from-home jobs and are sent a bogus employment contract to sign, and then asked to submit driver's licenses, Social Security numbers (SSN), direct deposit information, and credit card information.  Victims are asked to pay upfront for background checks, job training, and startup supplies and told they will be reimbursed in their first paycheck.  After victims pay, the scammers vanish.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization who has long collected and analyzed transportation cyber indicators.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or     

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings


E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!