Most job scams are aimed at individuals. A colleague received one just this morning: a message on WhatsApp claiming to be from a well-known recruitment agency about a job opportunity, and asking if it was OK to connect, so they could share the information.
While this colleague isn’t looking for a new job, it is common for recruiters to contact people out of the blue, to see if they can persuade them to move. Receiving such a message is commonplace, but this one was odd.
Unsolicited messages? Think twice
Following the ‘think twice’ rule, this is suspicious because:
- Why would a professional recruiter make contact via WhatsApp?
- Why not share more information, such as the job title, immediately – why so vague?
A quick search reveals that this is indeed a scam: the name of the person sending the message is not an employee of the recruitment agency. Had they used the name of an employee (which can be found through a LinkedIn search) this contact would still have seemed oddly unprofessional and untargeted.
The purpose of the scam would probably have been to persuade our colleague that this would be the perfect job, but that they would have to send a ‘registration fee’ to the agency, or maybe send some identification or bank account details in order to start work (at this non-existent job). The scammer ends up with money or sensitive information that they can use to steal money from the victim – or steal their identity.
The response for the individual is clear: ignore, block and report.
There are other types of recruitment scams, and more advice for job-seekers is available at JobsAware.co.uk, who work with the National Crime Agency, among others.
What if you are the business whose name is being used in this way?
Big household companies are often used in these impersonation scams, or (as above) well-known recruitment agencies. But it can happen to any company.
This false representation can be brand-damaging, causing reputational damage to the company, and can also affect existing employees badly if they discover that their job is (incorrectly) being advertised online. It is even possible that your HR manager’s name is being used in these scams to make them more convincing.
The scammers may clone your website, making it almost identical, or create fake pages on job boards; they may use company email addresses with one tiny change, and they might copy your branding. The communications from the scammer to the individual can be very convincing, and victims have been known to turn up on what they think is Day 1, only to find that there is no job.
What can you do?
While you can’t stop these scams, you can try to mitigate the damage to your reputation, if you are being impersonated:
- Often companies put a notification on their website to explain about these potential scams, and to explain how their company typically recruits people – and how they do not. Consider this for your own website. You could use a popup or a banner on your Jobs page and you could also include the information on a standalone page, as you do for your Privacy notice.
- Set up Google Alerts (or similar): one on your company name alone, and one with your company name and any words you might use in a typical job description. Monitor the results carefully, as they may reveal more than recruitment scams.
- Consider sharing information about job scams on your social media channels every so often, along with advice on how to recognise such a scam.
- Include information about this kind of scam internally in your regular security awareness training, and encourage your staff to share the information with their networks.
- Be prepared to respond if potential applicants want to check if a job ad is genuine or not.
- And think about how you would respond if someone has been scammed in your name, and contacts you to complain about it.
Looking for advice on cyber security, and how to protect your business? Contact the Click and Protect team on 0113 733 6230.