Following layoffs in the tech sector, former employees are increasingly turning to posting messages on professional networking services, like LinkedIn, in order to find a new job. Unfortunately, given how open LinkedIn is, this has resulted in new opportunities – but not just for job seekers. Rather, there has been a wave of state-of-the-art recruitment scams targeting those looking for new career opportunities.
“There’s certainly an increase in the sophistication of the attacks and the cleverness,” Oscar Rodriguez, LinkedIn’s vice president of product management, told the Financial Times last month.
“We see websites being set up, we see phone numbers with a seemingly professional operator picking up the phone and answering on the company’s behalf. We see a move to more sophisticated deception,” he added.
As a result, the platform has attempted to block tens of millions of fake accounts in recent months, and LinkedIn is warning applicants to be wary of any offers that “seem too good to be true,” or seek personal or financial information.
“Recruitment scams are yet another way criminals try to capitalize on the misfortune of others. These attacks are especially disheartening for job seekers struggling with economic pressure. Attackers are preying on their hopes of new opportunity and fears of a possible recession,” explained Jim Kelly, regional vice president for endpoint security at cybersecurity research firm Tanium.
He warned that these employment platforms can offer a false sense of security or protection and users can believe they are safe from harm.
“Unfortunately, cons like this are likely to continue as long as the economic downturn creates a sense of desperation in both criminals and victims,” Kelly told ClearanceJobs. “This is exactly where criminals seek to strike.”
Employment scams aren’t new, but they skyrocketed during the pandemic as workers sought to find ways to telecommute. They are on the rise again, following the wave of tech layoffs. Though some scams are far easier to spot, some are quite convincing. Many scammers identify businesses that are already hiring, create “lookalike” websites with similar job ads, and then use LinkedIn to target jobseekers.
How the Scams Can Work
The LinkedIn scams work differently from those on social media platforms such as Facebook, where goods or services are offered, payment is then requested by a friends & family transfer of funds, and the item never arrives. With these scams, would-be hires are directed to buy specialized equipment needed for the job!
In some cases, “new hires” are told they need to purchase – or at least pay a deposit for – computers, printers, external hard drives, and even file cabinets. Would-be employees then paid money for the IT equipment or third-party training, with the promise the money would be reimbursed.
In other situations, would-be employees were asked to hand over confidential details.
“LinkedIn is the greatest public trove of intelligence – work that used to take an intelligence service months is right there: business relationships, background, history, et al,” cautioned Bryson Bort, CEO and founder of cybersecurity provider SCYTHE.
“Add in the pressure to find that next job, especially with the tech market layoffs of the past year, and it is an attractive combination for scammers drawn to the potential for a quick score,” Bort told ClearanceJobs. “When I teach social engineering, it starts with human psychology: scammers want their targets to think with their ‘lizard brain’ imbued with doubt, urgency, and a lure – a new job.”
AI – a Pro and Con
Ironically, some of the technology that was likely developed by many of today’s new job seekers could be playing a role in advancing the scams – but also in their detection. This includes LinkedIn’s efforts to use its own artificial intelligence (AI) to detect “deepfake generated profile photos,” while new language programs including OpenAI’s ChatGPT could be employed to craft more convincing copy in job listings that can fool even savvy jobseekers. That could make it all the harder to detect potential scams.
The good news is that almost 22 million fake accounts were blocked by LinkedIn in the first half of last year. Almost 75% were actually stopped at the registration stage, while a further 24.6% were removed after being flagged by users.
More can still be done – and that begins with greater due diligence. But clearance holders need to be even more cautious. Make sure you’re looking for your next cleared job in the right place.
“Take a step back. You can always contact a reputable company directly off their website instead of trusting what you see served to you,” said Bort.
“It is critical to keep personal and financial information safe and shared only with verified individuals and entities,” added Kelly. “Best practices typically used to thwart phishing emails can be applied in these scams as well, including being pressured to respond quickly, suspicious links, egregious misspellings, or offers of something too good to be true.”