Employers, don’t let these 5 job search scams ruin your reputation

 

Employers beware: Job seekers aren’t the only targets of hackers, scammers, and thieves.

Thieves are also conducting sophisticated job search scams targeting HR professionals, recruiters, and hiring managers. The goal of these malicious attacks is to steal identity, personal information, financial information, data, and to disrupt business. Below we list five kinds of scams that HR professionals should know about.

“Job hunters aren’t the only ones who are vulnerable to recruitment scams,” says cybersecurity journalist Maria Korolov, of TheBestVPN.com. “Companies looking for new staff could also lose money, or suffer  reputational damage, if they’re not careful.”

As with real estate, location matters in recruitment advertising and marketing. When considering where to place a job ad or who to partner with in recruitment advertising, make sure that the job board you choose puts your company in the best light, says Korolov.

“You want your help wanted ad listed alongside those of well-known, reputable companies, not next to scam, work-from-home offers,” says Korolov.  “Craigslist, for example, while it is one of the least expensive options, is also flooded with iffy job postings. Some sites, like College Recruiter, manually vet companies who post ads on their platforms to ensure that scammers can’t get in.”

College Recruiter recently published The job seeker’s guide to identifying and avoiding job search scams, which highlighted the fact that the team at College Recruiter takes the threat of job search scams, recruitment advertising scams, and fake job postings seriously, and has implemented a multi-step process that identifies and blocks the vast majority of identity thieves and other scammers from ever posting a job to College Recruiter. In fact, every single job advertisement placed on College Recruiter goes through an in-depth verification process to prove the job posting is legitimate, and all ads are verified through actual contact with a human with the employer posting the job ad – something not every job board can claim.

“Here at College Recruiter, we take these fraudulent attempts very seriously and work daily to ensure all the jobs that are posted on our web site are from verified employers to protect our job seekers from applying, interviewing, and becoming victims of identity theft,” says Dani Bennett, Sales and Client Services Manager at College Recruiter.

To combat rising efforts of employers being the target of job search scams, College Recruiter’s CEO Faith Rothberg moderated a panel discussion on this topic at the 2016 TATech Industry Congress event in Orlando. In the panel discussion, and in this video, Rothberg and members of TATech, the Association for Talent Acquisition Solutions, discussed solutions for employers looking for ways to confront recruitment advertising and job search scams head on.

There are five kinds of scams HR professionals should be aware of:

1. Job search scams targeting employers’ campus recruiting efforts

Alisha Barton, University Relations Program Manager for Kerry, a leader in the food, beverage, and pharma industries, with 23,000 staff and 100+ innovation and manufacturing centers across six continents, has a sister who is a junior in college who received a phishing email from someone claiming to be a recruiter from Google.

“A common phishing scam on campuses that affects both an employer and job seekers is one where the scammer uses an email address that is similar to a company’s real email domain,” says Barton. “When scammers contact students, they often email with a list of positions and indicate that the candidate is a fit, or even hired, for these openings. They might even include real job descriptions. The email directs the student to a third party website, where they’re asked to enter in their personal information to obtain employment. The phishers use this information to steal the job seekers identity.”

In a recruiting scam like this, the college student would be the one most greatly affected, but this also affects the brand and reputation of the employer, because college students will surely talk about a potential scam that happened when applying to certain companies, which could scare off other college students or recent college grads, from applying from open jobs. It could lead to that recent college grad going to social media to share the phishing/scam story, and that could then alert future candidates who may be hesitant to apply for a job with that company.

Related: Employer branding and recruitment marketing across social media

Barton said the HR team at Kerry works closely with campus career centers to ensure job seekers are aware of Kerry’s hiring process, to prevent these type of phishing scams to affect both job seekers and employers. It’s important for other employers to do the same.

“An employer’s reputation is on the line, and developing campus relationships are key to avoiding and preventing these types of scams,” says Barton.

It’s important for companies to be aware of these situations to protect their brand image, says Tony Sorensen, who has over 20 years of experience providing strategic advicee on recruiting strategy, and is CEO and Founder of Versique Search and Consulting. “Companies thrive off of credibility and trust. If companies are not aware of these scams, something like this can severely damage a company’s integrity.”

2. Job search scammers steal company logo and creating fake career sites

Some scammers go as far as stealing a company logo, and creating a job site similar to an employers online career site. HR professionals and recruiters need to watch for these types of scams. It happens to the biggest companies too, not just small employers. In July, Shell Oil, one of America’s largest oil and natural gas producers with over 22,000 employees, posted a notice on its careers site warning job seekers that scammers were using the Shell name and logo to recruit for positions. These scammers can create some serious mistrust and reputation damage.

3. Ransomware targets HR departments, posing as job applicants

Another scam: GoldenEye ransomware targets HR departments, seeking new/inexperienced HR professionals or recruiters, or those not trained on the latest cybersecurity threats, phishing, or other job search scams. Employees end up opening emails and attachments from unknown sources, without much thought. These hackers pose as job applicants, complete with cover letters and resumes, and can infect target computers or companies with malicious software via Excel files supposedly containing an application form. Once the spreadsheet is opened by the victim, and macros enabled to run as prompted, GoldenEye executes a code that encrypts the user’s files and presents them with a ransom note. This happened at the Berlin headquarters of one large recruiting and staffing firm, and hackers demanded a ransom of approximately $1,000, or 1.4 bitcoins, in order to retrieve the now encrypted files.

When this happened, all HR personnel – and other staff – were advised not to open emails with Excel files attached or to enable macros, unless the sender was known and confirmed. The situation prompted a company-wide re-evaluation of security holes, especially in the HR department, in order to prevent the loss of critical files, downtime, and disruption that can be caused by an aggressive ransomware attack.

4. Fake resumes/fraudulent video conference calls

Fake candidates also are likely to submit over-exaggerated resumes, with too many skill sets that seems too good to be true, or a resume with fake education or certifications. Some will even make up colleges or universities. Other scammers may advance to an phone interview stage, but persist on a video conference interview where they can send harmful click bait through a video conference line, says Sorensen.

That’s why it’s especially important for HR leaders and recruiters to educate all employees about potential phishing scams, especially those in HR who may receive hundreds of emails a day or week.

Sorensen says employers and HR professionals can ensure they are not victims of recruitment advertising scams or job search scams by understanding that if an email attachment, or job inquiry seems suspicious, do some extra digging or research. “When in doubt, Google the company, position or candidate, and check social media profiles,” says Sorensen.

5. Tax scams targeting HR professionals

One common phishing scam targets HR and payroll staff during tax season. That’s why now is the time to start educating employees – not in a hurry before tax season. According to the SHRM article HR Beware: ’Tis the Season for W-2 Scams as tax deadline nears, HR should be aware that cyber thieves typically target new HR workers. According to SHRM, “between January and March of 2015, more than 55 businesses had reportedly been tricked into emailing criminals sensitive payroll data, according to the security blog Cloudmark. HR professionals—some of whom were fired for exposing private information—were duped when they received spoofed or fake e-mail messages, like the one above, from thieves posing as senior company officials. Crooks obtain W-2s with Social Security numbers, salary data, birthdates, addresses and other personally identifiable information. They then file fake federal tax returns and claim refunds from the government. Employees may not realize they’ve been victimized until after they file their taxes.”

The bottom line is all employees, especially HR and recruiters who are dealing with sensitive, private data, and who use technology tools frequently to do their job, need to be educated and trained on Cyber threats and scams, says Robert Siciliano, an expert in identify theft and CEO of the security firm IDTheftSecurity.com.

“We should teach workers how to handle data to minimize the potential of its falling into the wrong hands,” said Siciliano. Siciliano also said that every employee—new and old—should get thorough training, and that each worker’s access to sensitive company data should be limited in accordance with his or her role in the organization. “And new employees, before they officially begin work, should complete this training before accessing the company’s network.”

“It’s important that not only the company, but the employees as well, are actively aware of scams and taking precautions so they aren’t exposing themselves or the company to cyber threats that could harm its reputation,” says Sorensen.

Says Korolov: “A bad experience that leaves an applicant with a bad taste in their mouth – or, worse yet, costs them money – will damage your company’s reputation.”

Keep informed of recruiting best practices by staying connected with College Recruiter on LinkedIn, Twitter, Facebook, and YouTube. Hiring soon? Would it make sense to have a brief conversation about your hiring needs? Consider College Recruiter’s advertising solutions, or email sales@collegerecruiter.com.