Scammers continue to spoof job listings to steal money and data, FBI warns
Image: Tim Mossholder
Adam Janofsky February 2, 2022

Scammers continue to spoof job listings to steal money and data, FBI warns

Adam Janofsky

February 2, 2022

Scammers continue to spoof job listings to steal money and data, FBI warns

Since at least early 2020, video game giant Riot Games has been dealing with a scam that is increasingly ensnaring companies and job seekers alike.

According to a lawsuit filed by the company in November, a team of scammers “undertook an extensive, coordinated, and highly sophisticated fraud scheme” that lured eager professionals into handing over banking information and other sensitive data by dangling fraudulent job postings and interviews with fake human resources representatives.

Similar scams have been reported by Biogen, Vox Media, Harvard University and many others.

On Tuesday, the US Federal Bureau of Investigation warned that these scams have cost victims an average of $3,000 since 2019, and often negatively impact their credit scores. The FBI’s Internet Crime Complaint Center (IC3) specifically alerted companies to a lack of strong security verification standards on recruitment websites, which allows criminals to post fake job ads.

A lawsuit filed by Riot Games detailed how scammers tricked job seekers into handing over baking information.

In one example cited by the FBI, security standards on an unnamed recruiting website were so absent that it allowed anyone to post a job on an official company page, which would appear next to legitimate listings.

“Fraudulent job listings include links and contact information that direct applicants to spoofed websites, email addresses, and phone numbers controlled by the scammers where the applicant’s personal information can be stolen and then sold or used in additional scams,” the alert reads. “In some cases, the scammers use the identities of actual company employees to increase the perceived authenticity of the job posts.”

Although it’s difficult to know the scale of the problem, recruiting sites say they stop millions of scams every year. In its most recent transparency report, LinkedIn said it removed 232,000 items of spam and scam content reported by members between January and June 2021, up from 198,500 during the same period in 2020 and 104,600 during the same period in 2019. LinkedIn’s reporting does not distinguish between spam content and outright scams.

The FBI has previously warned that many of the fake job offers are for work-from-home positions, making it easier to trick people through text or phone-based interviews instead of in-person meetings. Additionally, “technology has made this scam easier and more lucrative,” according to a previous public service announcement, referring to the rise of third-party recruiting sites and tools that make it easier to spoof companies and conduct fake interviews.

Adam is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.