Those on the hunt for a new job following the mass tech layoffs around the world have been warned to be highly vigilant for damaging scams which are stealing money and sensitive data from potential employees.
Nearly 50,000 jobs have been cut across tech giants Google, Meta, Amazon, Twitter and Microsoft in recent months, with roles in Australia included in those scrapped.
Cyber scammers have quickly mobilised on the back of this and heightened efforts to exploit job seekers with a range of employment scams, according to IT security company Zscaler.
These scams involve the use of fake job ads, mock websites and information harvesting tactics in order to obtain money and lucrative personal information from unsuspecting hopeful employees.
“Job scams can take many forms and can use deceitful tactics to entice victims,” Zscaler global chief security officer Deepen Desai told Information Age.
The Zscaler ThreatLabZ team has seen several suspicious job portals and surveys which are being used by attackers to gain information from job seekers under the guise of employment application forms.
According to the ACCC’s Scamwatch, Australians lost $8.7 million to recruitment scams last year. And unlike other online scams, young people aged between 25 and 44 years old were most impacted and reported the biggest losses.
There were more than 3,100 reports of job scams to Scamwatch in 2022, with hackers commonly offering the promise of making quick money to job seekers, then asking for payment in exchange for a guaranteed income.
These attacks have increased in regularity and sophistication following the tech layoffs of late, Zscaler found, and vulnerability has also increased due to the popularity of remote work.
“During times of economic uncertainty and high unemployment, people may be more vulnerable to job scams and more willing to take risks to secure employment,” Desai said.
“Scammers are capitalising on the uncertain economic landscape by offering fake job opportunities or preying on the desperation of job seekers.”
The scams work by attackers advertising fake jobs online on mock job-finding websites, often based on real job ads on other platforms such as LinkedIn, in order to make them more realistic.
They will also commonly look for unsuspecting targets on social media who may be recently out of work or looking for a new job.
The scammers will also pretend to be recruiters from specific companies, often from North America, the cyber researchers found.
Once they have someone on the hook, the attackers will obtain information from fake application forms, with this information then sold or used to extort the victim.
Recently registered domains will typically be used, along with suspicious top-level domains such as .online and .live, accompanied by the name of a real business.
While researching these job scams, Zscaler found one such scam where the actor was pretending to be a Zscaler recruiter in order to target job seekers on LinkedIn.
The posting was for a Zscaler analytics manager, copied word for word from a real job listing on Smart Recruiters, apart from a lowering of the years of experience required in order to dupe more victims.
The job listing required individuals to apply via a link where they were then prompted to fill out a questionnaire which asked for information including identity verification such as a driver licence or passport.
The scam went on, with a fake interview organised via Skype using an actual spoofed profile of a Zscaler recruiter.
The victim would then potentially receive a fake job offer and undertake a sham onboarding process.
Eventually, the victim was asked to pay the shipping costs of IT hardware required for the fake role, or to pay for the onboarding.
In order to avoid falling victim to one of these scams, job seekers should ask for a direct link to a company’s job posting and consider reaching out directly to the company to make sure it’s real, Desai said.
They should also only submit personal information on online applications hosted on authentic verified sites.
Potential employees should also never communicate with an unofficial email address or respond to a text or phone number without verifying it.
Job seekers should also watch closely for the normal tell-tale signs of a scam, such as poor grammar, spelling mistakes and communication only via chat.
“Other red flags include promises of easy money, upfront fees, vague job descriptions and requests for personal information or payment before starting a job,” Desai said.
Employers also have an important role to play in educating job seekers to identify these scams and in providing resources on how to avoid them.