Avoid online job post scams with these 7 simple steps.

Views expressed in this cybersecurity-cyber crime update are those of the reporters and correspondents.

Accessed on 08 February 2022, 2034 UTC.

Content provided by “PCMag Security Watch.”



Please click link or scroll down to read your selections.

Trouble viewing this email? View in a browser
PCMag SecurityWatch
Avoid Online Job Post Scams With These 7 Simple Tips
How many ways can you get scammed online? From spam emails to crypto cons, crooks create plenty of opportunities to get your information and commit identity fraud. One of their tricks is to pretend they want to hire you for a job.

Job seekers are particularly vulnerable to identity theft schemes. You have to give up all kinds of information about yourself before you can even get an interview. According to the FBI, scammers take advantage of people who apply for jobs by creating fake job postings to phish for personal information. The scammers then use the data they collect to commit identity fraud.
Does a job posting seem fishy to you? Your intuition may be correct. Victims have reported an increasing number of hiring scams to the FBI since 2019. According to the agency, the average reported loss was almost $3,000 per victim in addition to damaged credit scores.

Here’s how the grift works: Criminals create spoofed websites, often with stolen graphics of company logos to make the site look legitimate, to harvest job seeker information. The scammer’s post links to these phishing sites on well-known job boards. Job seekers fill out forms with key information such as addresses, phone numbers, Social Security numbers, and employment history. In some cases, the scammers even contact the victims and ask them to pay upfront for background checks, job training, or supplies. Once the crooks get the money, they disappear.

Job Posting Scam Indicators

  • Suspicious interview tactics
    In-person interviews aren’t always an option, so video calls are the next best bet. If the employer doesn’t use a company email address or verifiable phone number to schedule and conduct a video call, that can be a red flag.
  • Requests for money 
    If the potential employer asks you to pay during any part of the hiring process, it’s probably a scam.
  • Requests for credit card information
    Employers don’t need to know your credit card number to see if you’ll be an excellent employee. So avoid anyone who requests this info.
  • Recruiters or hiring managers who have blank or empty profiles on job networking sites, or whose profile information does not fit their roles
    For example, the recruiter for a software firm based in Chicago should not have a Malibu yoga instructor’s profile photo, description, and qualifications.

How to Keep Safe While Job Searching

The FBI has seven tips to help job seekers avoid phishing scams:

  1. Research the employer online before applying for a job to make sure the company and job is legitimate.
    Does the company exist? Does the recruiter or hiring manager listed on the job post work for that company? Does the job posting link to a secure web address that starts with https://? If any of the answers are no, run away!
  2. Verify job postings found on networking sites and job posting sites. 
    If you found the job posting on a third-party job board such as indeed.com or LinkedIn, check whether the same job is also listed on the company’s website. Not every employer hosts its own page with job postings, but many do. If you don’t see a position listed there that you saw elsewhere, take it as one red flag and continue looking for others.
  3. Do not provide your bank account information until you’ve been hired. 
    Scammers may ask for money or bank account information during the interview. A legitimate employer won’t ask for your banking details until you’ve signed a contract and are setting up direct deposit, and even then they’ll ask to verify only the bank name, account number, and routing number or SWIFT code—but never your online banking username and password.
  4. Confirm the employer identity with an in-person interview or a video call.
    Do not accept a job solely through email, over the phone, or via a chat app.
  5. Never send money to anyone you meet online, especially via wire transfer.
    Again, scammers may try to get you to pay for supposed training fees or background checks. A legitimate company or employer will not make these kinds of requests.
  6. Do not share your Social Security number or other personal identification with third-party job search apps or networking sites.
    Do not enter any sensitive information into online web forms on third-party job search sites.
  7. If you enter your Social Security number online, make sure the site is secure. Check the web address for “https://”
    Only enter that information after you’ve been in contact with a human in person or via video call.

Remember, if you have doubts about the legitimacy of a job posting, take the time to research the company, recruiter, or hiring manager online. A few minutes of Googling can save you money and credit woes in the future.

Get this from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.

How to Know if Your Security Software Is Working

You probably haven’t thought about your security software or antivirus since the day you installed it. Is it working? PCMag lead security analyst Neil J. Rubenking compiled a list of ways to make sure you’re getting the protection you want. Here are a few highlights from that article:

  1. Update Your Antivirus
    Open your antivirus software and address any messages about updating databases, or click the Update command. Consider allowing auto-updates for your security suite if you don’t already do so.
  2. Evaluate Your Software
    Are you using the best antiviruspassword managerparental control software, or VPN? Not sure? Check out PCMag’s reviews for our Editors’ Choice picks in each category.
  3. Put Your Antivirus to the Test
    Most people don’t have malware on hand to test their security software. The EICAR site can test your computer’s malware protection safely. If your antivirus is working, you shouldn’t be able to download the dummy malware file from the site.
  4. Check Your VPN Connection
    Every time you connect to a new VPN server, check to see if your real IP address remains hidden. Go to DNSLeakTest.com without the VPN running and note your actual IP address. Turn on the VPN and go back to the site. If you see the same set of numbers, turn off the VPN and uninstall it because it’s not masking your IP address.

Stay safe,

Kim Key
PCMag Security Analyst

What Else Is Happening in the Security World This Week?

DHS Reveals America’s First Cyber Safety Review Board. First order of business: a report on the vulnerabilities discovered in the Log4j library in 2021.

‘Silent AirTags’ With Speakers Removed Pop Up on Etsy, eBay. Silent AirTag listings and online guides say silencing the speakers prevents thieves from finding them on stolen items, but privacy advocates have stalking concerns.

Mozilla Combines Multi-Account Containers With Its VPN Service. Mozilla married two of its privacy-focused tools: Multi-Account Containers and Mozilla VPN.

NordVPN’s Parent Company Is Merging With VPN Provider Surfshark. Both VPN providers say they will continue operating independently and won’t share IT infrastructure.

Google Brings Its VPN to iOS Devices. The descriptively named VPN by Google One is now available on Apple smartphones.

If you buy something from our links, we may get a commission from the sale. Learn more here.
{~Article(Top Tech Deal) id=2311~}
Google to Auto-Enroll More Users in Two-Factor Authentication, Citing Decrease In Hacks

Microsoft Will Finally Block Office Macros by Default to Stop Malware

How to Set Up and Use a VPN

IRS Backtracks on Using Facial Recognition for Website Logins

How to Hack Wi-Fi Passwords

Want more deals like these delivered to your inbox?
{~Article(Deals Block) id=2314~}
All product and deal information such as discount, price and availability are believed to be accurate as of the time of publication. Please verify these details with the merchant site and check the merchant’s terms and conditions before you buy. Publisher is not responsible for errors or omissions.

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.

Russ Roberts


https://paper.li/RussellRoberts (machine learning, artificial intelligence, IoT, and information security).