Q: I’m currently applying to a new job, but I’ve been hearing a lot about scammers preying on people applying for remote work. Is there anything I can do to keep myself safe?
A: Whenever you engage with anything online, one of the most important things you can do to protect your privacy and information is being very conscious about what’s real. There absolutely are scammers preying on people who may be looking for jobs or even those who are employed and are interested in looking at new opportunities. You may be aware of Nidhi Razdan, an Indian journalist who received an offer from Harvard University that turned out to be completely fabricated. Sophisticated online scammers targeted her using a wide network of imaginary personas on Twitter, Gmail, Facebook, and WhatsApp to give the offer the appearance of something legitimate. It was a complicated, detailed, and thoroughly executed scam that would have been very easy to mistake as a credible job offer. (https://www.nytimes.com/2021/12/16/technology/harvard-job-scam-india.html)
With many people still working remotely or in a hybrid environment, cybercrime is an all-too-common occurrence. While some scams may be easy to pick up on (misspellings in text, someone demanding an urgent response from you, an offer that is way too good to be true), others are complicated and designed to fool you into handing over your personal information. There are some additional red flags to watch out for as you approach anything related to the job search. The first is anyone asking for money. If you need to provide money upfront to apply for a job, for a company to review your resume, or to buy products and services prior to signing any kind of contract, stop right there. This is a huge sign that there are significant problems with the job posting. Do not to process further, end the conversation, and block the contact.
Another red flag would be an urgent push for you to sign some kind of contract before being comfortable with an organization. In this case, do your research before moving forward. Check the organization out on every social media site you can, and make sure you’re checking multiple sites as cross references, such as the Better Business Bureau, Glassdoor, LinkedIn, Instagram, Facebook, etc. to ensure that the people you are talking to are real. For example, many scammers utilize LinkedIn to create a network of fake profiles. Check the names of those profiles and do a Google image search of their pictures – sometimes many of these cyber criminals will use stock model images as profile pictures on their LinkedIn accounts.
Any job that is pushing you for sensitive information is a big warning that this may be a scam. In any case (be it social media, job postings, personal accounts, or just an unsecured area), keeping your sensitive information secured is essential. You should never provide things like your social security number, bank information, or any sort of online money-transferring application like Venmo, Zelle, or PayPal. Additionally, don’t give out too much information on LinkedIn, Facebook, Twitter, or anywhere else – this could make it easy for criminals to fabricate a fake version of you online to prey on and scam other people in your network. The kinds of content you post online can also provide a simple access point for cybercriminals. They can easily use a tactic called social engineering. For example, say you made a post about a conference you went to with a lot of detailed information. A cybercriminal could then see you were at X Conference on X Date with X People since you posted about it on Instagram, Facebook, and LinkedIn. From there, they may be able to reach out to you and sound like a credible source by creating a false narrative from the information you’ve freely given. Be wary of any kind of interaction like this, especially if it gives you some kind of call to action, like a file to download or an attachment of any kind.
Fabricated email addresses and URL(s) are also pretty common, so be very careful when reviewing them. The email may be very close to an email address of someone you know or a legitimate source (j.smith @ email address verses jsmith @ email address for example). Try other names with similar addresses to see if you connect with the same organization. Real company representatives should not be connecting to you outside of their company-based email domain, so communications done with Yahoo, Gmail, or any other free email service account become suspect.
Unfortunately, even though you might feel every TV show has done a story about individuals who have been tricked into buying gift cards for some scam, make sure this is not something you fall prey to in real life. If an organization is offering remote work, you should be continuing to do the same kind of research on the business, if not more so. You can do an online search to see if the organization has a physical location using map programs, such as Google Maps. Additionally, you can check with the state to see if the company is registered in that state.
Always remember: if it looks too good to be true, it probably is. If you’re confronted with a questionable hiring situation, make sure you ask a number of questions first before you accept anything. For example, you can ask if you could speak to a colleague who has worked at the organization. Finding references for organizations and people is something we need to be more and more skilled with as meeting face to face and going into the office has become less frequent in the job search process. Make sure to stay alert and protect yourself and your vital information.
Stay up to date on all the latest news from Boston.com