Cyber Criminals Targeting Job Seekers to Steal Data, Identities: Finra
Monday, July 24, 2017
Posted by: Brian Monroe
*Special contributor report*
By Jason Shechter
Financial crime compliance consultant
July 24, 2017
Cognizant of the increasing aggressiveness and creativity of organized criminal groups, opportunistic fraudsters and cyber hackers, one U.S. regulatory body is trying to protect a vulnerable group with a target painted on their back – desperate, out-of-work job seekers.
On July 6th, The Financial Industry Regulatory Authority (Finra) released an Investor Alert warning job seekers of attempts to defraud individuals through fake job postings and recruitment efforts. Criminals have been able to fool those seeking jobs into providing personal information and then gaining access to their bank accounts.
Criminals have been able to do this by using seemingly legitimate interview practices, such as requests for contact information and other details normally only needed after a person is hired, including Social Security Numbers, credit card or debit card numbers and bank account details.
The Finra alert could do more than just save a you from losing your savings, identity or having a criminal group rack up massive debts in your name – it could also keep you out of jail. In some of the schemes, the “job” is nothing more than an elaborate move to launder money for an international organized crime group. So it’s vital job seekers take these tips and red flags to heart.
However, applicants are falling prey to social engineering tactics as well, in a move that is a twist on phishing and vishing schemes – scammers working through random emails and phone calls – this time taking advantage of a group more willing to give up critical information in hopes of their openness and eagerness leading to a job.
During phony interviews, which are often conducted over the phone or via Skype, “recruiters” are able to gather more information from victims who are willing to share such details, either through asking directly for the information – to wire them money or under the guise of some amorphous fee – or by duping the job seeker into downloading “company” software that is really just malware.
This is something I personally experienced during a period of unemployment a few years ago.
Job postings abound on widely used sites such as Indeed and Monster, not to mention highly active job boards on Craigslist. While most of the listings were legitimate – including the one for a position I was offered – many looked suspicious.
The most obvious scam job listings were the postings for jobs where the manager or business owner was located overseas.
In these scenarios, applicants are advised that they will work from home and will receive monthly payments – all you have to do to supposedly get started is provide your bank account details, one of the telltale signs of a phony job.
These were reminiscent of the ubiquitous and widely-reported Nigerian money scams where the job descriptions provided few details about any particular line of business or detailed what the purported position in the fictitious company would be, through some vaguely referenced some “payment processing” function.
Others were less obvious.
Requests to work for a job you never applied for: be wary
In some cases, I would receive emails and phone calls for positions I had never applied. The recruiters were in most cases located in far-away cities in other time zones, and they insisted I would be great for a position in an industry in which I had no experience.
I made the mistake of going through a few phone interviews like this before I learned to avoid them, though I was careful not to deliver information that seemed excessive or irrelevant or could open myself to breached bank or credit card data or identity theft.
Finra makes no mention regarding who is behind these scams or where these criminals are located, though as I mentioned before these scams have originated in many jurisdictions where crime and corruption are endemic and the rule of law weak, including Africa, the Middle East, China and Eastern Europe.
But Finra does, however, list some red flags that might help a job seeker not get scammed, including:
- The recruiter or company adding excessive pressure to commit to a job quickly, or they could lose out.
- The person uses language – spoken or written – suggesting a job is “guaranteed” or “waiting for you,” even though your qualifications might not seemingly match up perfectly with the skillset needed.
- The job advertisement, or any of the sites or communications tied to the recruiter or employer, contains odd or poorly written text on the online video platform page or in other related relevant documents.
- The company or recruiter arranges interviews for “previously undisclosed" jobs. On the federal side, at least in the Unites States, all job vacancies are announced to the public on usajobs.gov. Likewise, many organizations, including Finra, post jobs on their own website, and make the information publicly available. A company offering secret jobs that can’t be found anywhere online should be viewed with a jaundiced eye.
Jilted job seekers can lose funds, and even freedom
The Finra alert also details one specific set of scams, though there have been numerous iterations and variations on a theme in recent years.
For instance, job seekers in Australia were duped into giving up bank account details through fraudulent job postings for government positions, a potentially criminal problem for any job seekers that took up the assignment as the job was to launder money for an illicit syndicate.
There have also been cases in which applicants are prompted to call phone numbers and are charged exorbitant amounts for doing so.
Part of the problem for applicants in a tough job market is the way in which the hiring process is structured.
When you apply online, you can’t always be sure who will receive your contact information. There are so many third parties and recruitment firms, it can be hard to know which are legitimate and which are not.
Applying directly to a company may be the safest route, but for job seekers who are desperate to begin working again, every avenue seems like it might be worth exploring.
Victims of these scams, however, are being targeted in a particularly cruel fashion.
Eager to find employment, they are willing to share whatever information an interviewer asks for. When they are defrauded, it hurts even more as they may not have steady income or savings to lessen the impact of the theft.
Finra is aware of this and has made some recommendations regarding how to avoid falling prey to these schemes.
The guidance from the securities sector’s chief self-regulatory body also comes with a dash of common sense.
It includes not responding to unsolicited video interviews and ending any such contact when prompted for financial information.
Don’t forget your CDD (Company Due Diligence)
In general, Finra says, you should not have to provide any information about your bank account, Social Security Number, or similar information until you are past the initial phase of the interview process.
Moreover, you would normally not be giving this information to an interviewer or recruiter. The information would be going to the human resources department or to a third-party human resources firm on sites that would be clearly professional and secured.
Other tips offered by Finra detail engaging in some CDD – in anti-money laundering (AML) parlance, we would call that customer due diligence, but in this case you would be doing a bit of necessary company due diligence. The tips include:
· Calling the company to confirm the person you have contacted is actually an employee
· Moreover, asking if the person is a current recruiter if the recognized name is retired.
· Doing an internet search about the company and its open positions.
After all, if you Google a company and see a lot of scam reports or negative results, or you are unable to determine who the recruiter is, there’s a good chance this could be trouble. Keep in mind, companies are typically not offering jobs to people that didn’t apply for them.
Job seekers need to remain vigilant. No legitimate employer should be asking to you to pay them to start your position. Unless you have signed a contract, no one needs to have access to your bank accounts. Most importantly, if something seems amiss, trust your gut!