As ProPublica has reported, cybercriminals are flooding the internet with fake job ads and even bogus company hiring websites whose purpose is to steal your identity and use it to commit fraud. It’s a good reminder that you should vet potential employers as closely as they vet you.

Here are ten tips on how to spot such scams:

1. Beware of abnormally high salaries

One of the ways criminals entice people is by advertising unusually generous pay. If the salary being offered in a job ad is way above what you see in other ads for similar positions, be wary. You can get an idea of average weekly earnings by industry using the Quarterly Census of Employment and Wages or check out salary calculators on websites such as Glassdoor.

A fake job ad on LinkedIn that promises unusually high pay for shuttle-bus drivers

2. Don’t accept jobs you didn’t apply for

Sometimes cybercriminals obtain the contact information of people who have submitted their résumés to job-seeking websites and then email them to say they are preapproved for a job. These are bogus messages whose main purpose is to get people to share additional information, which the scammers will use to commit fraud. The emails may also include malware that can infect your computer. Ignore such messages and don’t open any attachments.

3. Be wary of job ads touting the need to verify your identity at the outset

Ads that demand you share your driver’s license or Social Security number as part of an initial application, or very soon after, are a significant red flag. Legitimate employers rarely request such information until much later in the hiring process.

A phony website purporting to be the Spirit Airlines careers site asks for the applicant’s driver’s license as part of the initial application process

4. Take the text of the job ad and put it in Google

Cybercriminals sometimes reuse the same job ads over and over, posting them on LinkedIn, Facebook and other online platforms with only slight modifications. If you spot an ad that features virtually identical language to that used by various employers all over the country, it could be a scam.

5. Research the identity of the person posting the ad

Cybercriminals are creating fake profiles on LinkedIn and Facebook meant to resemble individuals at real companies who are posting job ads. One clue: a person claiming to work for a company in the U.S. while showing check-ins at locations in other countries. When in doubt, contact the companies directly to ask if they’re actually recruiting for the positions. If they’re not, report the suspect profiles to LinkedIn and Facebook.

Screenshots from a fake Facebook profile that claimed to belong to a senior manager at Denver International Airport, but which showed a check-in in Owerri, Nigeria. (The ad was removed after an inquiry by ProPublica.)

6. Check the spelling and domains of company names

When you vet companies, be aware that cybercriminals sometimes steer potential applicants to fake websites they’ve created that mimic the sites of real companies — except that, say, an extra letter has been added to the company’s name. When job applicants can’t spell a company’s name right in a cover letter, recruiters are apt to toss those applications in the trash. Do the same with any companies that seemingly can’t spell their own names.

Top: A domain name for a fake careers website posing as Spirit Airlines that misspells “Spirit” as “Spirits.” Bottom: The real Spirit Airlines careers web address.

7. Avoid text-only interviews

The pandemic has made it necessary for many employers to conduct job interviews remotely via services like Zoom. But be cautious of hiring managers who insist on communicating only by email or text or using messaging platforms such as Telegram to conduct interviews. Sooner or later, a real employer will want to see and interact with a recruit, whether through a video call or in person. Cybercriminals typically don’t want you to hear their voices or see their faces, since it raises the chances you’ll realize they’re not who they say they are.

8. Don’t give out your credit card or phone account login

A real employer doesn’t need to know your credit card number, credit score or phone account login to process your job application. Cybercriminals sometimes ask for such information up front to commandeer your phone and finances, often under the pretense of needing to set you up with a company phone plan or purchase equipment you’ll need to do your job (see next item).

9. Don’t buy things on behalf of a potential employer

Beware of companies that, before you’re hired, offer to send you a check to purchase a computer or other equipment. It’s a variation on an old scam that involves criminals asking marks to send their own money to some third party with the promise that they will reimburse the marks. Inevitably, the reimbursement doesn’t come through, and the mark is left holding the bag.

10. If something feels suspicious, investigate — or walk away

If at any point in the job application or interview stage something feels wrong to you, don’t ignore the feeling. Ask yourself if you see any of the warning signs outlined above. Or pause and ask a trusted friend or relative for a reality check.

Do You Have a Tip for ProPublica? Help Us Do Journalism.

Got a story we should hear? Are you down to be a background source on a story about your community, your schools or your workplace? Get in touch.

This form requires JavaScript to complete.
Powered by Screendoor.
Expand

Have you had your identity stolen during the pandemic because of a data breach or a fake job scam? If so, tell us about it. Email cezary.podk[email protected].