Blog

Job-related scams are on the rise.

Scam Awareness in the Job Search

Job-related scams are on the rise.

In the first few months of 2024, two students reached out after being targeted by a job-related scam. As a part of these scams, the students were led to believe that they were getting real job offers when they were actually targets of identity theft or digital check fraud. While identity theft is nothing new, digital check fraud is not as well known.

Digital check fraud, to me, sounds like a lazy heist. It’s part social engineering and part fraudulent banking. It’s a type of shell game where the scammer tricks the victim into performing a series of actions. It starts when the scammer gives the victim a digital check to deposit. The check could be for services, advanced payment, or to purchase supplies as part of onboarding. As soon as some of the funds have been cleared for use, the scammer claims in one way or another that too much money was sent. The scammer then explains that part of the funds must be returned through a third-party money transfer like Zelle or Western Union. In some cases, the scammer will even offer to help walk the victim through the process of sending the money back.

This means that when the bank catches the fraudulent check and bounces it, the victim has already been walked through returning the “extra” money. At the end of the day, the victim was the one to authorize all deposits and transfers. So, when the dust of digital check fraud settles, the victim is left with less money than they originally had in their account. This happened because although the fraudulent check bounced, the money transfer still went through.

My first personal experience with digital check fraud goes back to 2015 when I was working as a freelance writer. A scammer pretended to be a client and tried to pay with a digital check to initiate the scam. In some cases, the bank will flag the activity immediately. This mostly leads to the check being bounced immediately and no funds showing as available. However, in some cases, freelancers that I’ve worked with have had their entire accounts put on hold by their bank to allow for an investigation.

In the cases of the two students mentioned earlier, they were able to catch on before any real harm was done. With these types of scams continuing to happen, it is always a good practice to take a few moments to remember how to deal with them. To help with that, here are a few tips about how to proceed with your job search while keeping an eye out for these scams:

 

Track all applications that you submit:

Having your own Excel document where all the details are broken down helps keep all the jobs you’ve applied to in a central location along with the information you’ve sent out. You may need more space to include additional information, and in that case, students linked their Excel spreadsheets to OneNote and used OneNote to house screenshots, conversations, and research.

 

Verify the domain tied to the email address:

By inspecting the email address, you may find a lookalike domain, or a malicious domain, attempting to look like a legitimate one. A company’s real email will likely be posted and available on their website and you can use it for comparison. In one case, a scammer used a domain similar, but which included LLC at the end of the company name whereas the real company’s domain did not have LLC. Other cases include the company name with addresses like secretary.net and gmail.com.

 

Be realistic about pay:

To get you to overlook inconsistencies, scammers will often try to offer you more money than the role would normally pay. In both cases, the pay was listed as $35 to $45 an hour with benefits included, for a remote position requiring little to no experience.

 

Do not engage with scammers:

All you should, and need to do, is report scammers to the job board. If it was a case of impersonation, an email could be sent to the company or individual being impersonated to let them know about the issue. If you engage with scammers, you might make yourself a target and open yourself up to further cyberattacks.

 

The Case of Digital Check Fraud

Looking at the process that a scam follows can highlight additional things to keep in mind when journeying through the job search. With that in mind, I’d like to look at the first few steps of a job scam that can lead to fraud. My interaction with this particular scam was to review all communications between the student and the scammer to verify that no personal information was exposed through their communication. To that end, I read through copies of emails, texts, and attached documents.

First, the student received an email requesting an interview. Close inspection of the email reveals that a @gmail.com address was used instead of the legitimate domain name and both suggested interview times were a week passed due. While neither of these things directly indicate malicious activity, (some companies still use a generic @gmail.com address and forget to check dates before sending emails) this time error could have been due to the scammer reusing an old message.

Next, when the student confirmed interest and availability for the interview, they were not asked to schedule an interview. Instead, they were sent a document containing “interview questions” that they were required to respond to within 90 minutes. This document contained basic interview questions and asked the interviewer to verify that they could fulfill the job duties. While it is still plausible that this could be an elimination tactic by HR to weed out folks who can’t quickly answer basic questions, it is more likely that the scammer was relying on social engineering tactics to rush their target through the process.

Finally, as soon as the student submitted the completed interview, they received an email stating an employment decision would be made within the hour. Several hours later, the student received another email saying that they were hired for the position. In this email, the student was asked to reach out to a @security.net address to provide personal information needed for employment. The difference in the “within the hour” versus the several hours later that they actually heard back from the scammer could be due to poor management communication. However, since the employment offer was made without any actual interface with the company other than email, it is highly unlikely that this is a legitimate job offer.

In this case, the student was moved on to the next stage of the onboarding process. As part of this, they were presented with “out of band communication” trying to gain access to account credentials, a check for payment, and several different contacts to proceed. At this moment, the student decided to break off communications with the scammers and began to make sure that their financials and identity were not at risk. They even took steps to notify the company that was being impersonated.

Inside the emails and texts reviewed as a part of the job scam, the student was required to share banking information and when that didn’t work, money transfer apps like Venmo or Cashapp were introduced as alternatives. If the student hadn’t had multi-factor authentication (MFA) configured for all their apps and two-step verification (2SV) enabled with their bank, the scammer could have gained access to more than just the amount returned during the final step: digital check fraud. In this case, the fraud revolved around a check provided to purchase equipment to work from home. The list of items included everything from computer hardware and software to ergonomic furniture.

 

Closing Advice

It’s too easy to say, “The people getting scammed should know better.” Unfortunately, in these cases, the targets were people in situations where they trusted that it would be a legitimate job offer. These targets were students who were changing careers to IT and the companies impersonated were either run by minority groups or related to services for the disabled.

Using this scam as a cautionary tale, here are five tips with resources and reminders to keep in mind as you go about your job search:

1. Be wary of blind offers

a. Resource: Use your job tracking spreadsheet to figure out if you applied.

b. Ask yourself: If you did not apply, how did they find you?

2. Be mindful of domains and emails.

a. Resource: Tools like Scam Detector’s Website Validator can help you check domains.

b. Ask yourself: Is this the legitimate domain and email for the company?

3. Be realistic about pay.

a. Resource: Sites like Salary.com and Robert Half’s Annual Salary Guide can help identify realistic pay if you are unsure.

b. Ask yourself: Does it make sense for them to pay this much for this position or role?

4. Be cautious about the interview process.

a. Remember: Typically, the interview process will include a screening interview, technical assessment, and then a final interview that could be virtual or in-person but is almost always some form of face-to-face.

b. Ask yourself: What aren’t they asking me?

5. Be aware of switching domains.

a. Remember: Scammers will maintain multiple domains to evade security measures.

b. Ask yourself: Why would a company use more than a single domain?

Scams of this nature lead to more than just financial loss or identity theft. The victims themselves are exposed to stress, emotional damage, and even continued targeting. I read a story in January of this year about how one of the victims of E-Commerce Fraud ended up in legal trouble and even lost his job. While E-Commerce Fraud and Job Scams do not follow the same process, there are enough parallels that could leave potential job seekers at risk for legal trouble. In the E-Commerce Fraud case that I mentioned, there were two victims. Each victim’s information was played against the other victim so that the malicious actor could sit just outside of reach while they collected the fraudulent funds. Brian Kreb’s did a full investigation of the story and it can be found at: https://krebsonsecurity.com/2024/01/canadian-man-stuck-in-triangle-of-e-commerce-fraud/

In conclusion, criminals be doing crime. Despite this being a well-known scam, major organizations have yet to put appropriate protective measures in place. Additionally, victims of scams are often left with no course of recovery after one of these instances.

About the author: Jeff Krakenberg is a technical trainer and security researcher. With the goal of spreading awareness and knowledge, Jeff focuses his efforts on basic cybersecurity lectures, moderating open discussions about vulnerabilities, and building hacking labs for his students. Like many others, you can often find Jeff delving too deeply into the weeds of the Internet.

Start Date
End Date
Day/Eve
Break Weeks
Track
Jan 23, 2023
Jul 27, 2023
Eve
4/3/23-4/7/23
5/22/23-5/26/23
7/3/23-7/7/23
CSSP-V
Jan 30, 2023
May 5, 2023
Day
3/6/23-3/10/23
4/10/23-4/14/23
CSSP-V
Feb 6, 2023
May 19, 2023
Day
3/27/23-3/31/23
FSCP-V
Mar 20, 2023
Jun 23, 2023
Day
4/24/23-4/28/23
5/22/23-5/26/23
CSSP-V
Apr 10, 2023
Jul 28, 2023
Day
5/29/23-6/2/23
7/3/23-7/7/23
FSCP-V
Apr 24, 2023
Oct 19, 2023
Eve
7/3/23-7/7/23
8/21/23-8/25/23
CSSP-V
May 15, 2023
Dec 14, 2023
Eve
7/3/23-7/7/23
9/4/23-9/8/23
11/20/23-11/24/23
FSCP-V
Jun 5, 2023
Sep 8, 2023
Day
7/3/23-7/7/23
8/7/23-8/11/23
CSSP-V
Jun 19, 2023
Oct 6, 2023
Day
7/3/23-7/7/23
9/4/23-9/8/23
FSCP-V
Jul 24, 2023
Jan 25, 2024
Eve
10/2/23-10/6/23
11/20/23-11/24/23
12/25/23-12/29/23
CSSP-V
Aug 14, 2023
Nov 17, 2023
Day
9/5/23-9/8/23
10/16/23-10/2/23
CSSP-V
Aug 28, 2023
Dec 15, 2023
Day
9/4/23-9/8/23
11/20/23-11/24/23
FSCP-V
Oct 30, 2023
Feb 2, 2024
Day
11/20/23-11/24/23
12/25/23-12/29/23
CSSP-V
Oct 30, 2023
May 2, 2024
Eve
11/20/23-11/23/23
3/4/23-3/7/23
CSSP-V
Nov 6, 2023
Mar 1, 2024
Day
11/20/23-11/24/23
12/25/23-12/29/23
1/29/24-2/2/24
FSCP-V
If you don't see the Cohort Start date you are looking for don't forget to check out our campus calendars.
CSSP-I: Cloud & Security Specialist Program (In-Person Modality)
CSSP-V: Cloud & Security Specialist Program (Live Virtual Modality)
FSCP-I: Full Stack Coding Program (In-Person Modality)
FSCP-V: Full Stack Coding Program (Live Virtual Modality)
Please note that Centriq will be closed on the following observed holidays: New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, the day following Thanksgiving Day, and Christmas Day.
Start Date
End Date
Day/Eve
Break Weeks
Track
Feb 29, 2024
Mar 24, 2024
Day
3/25/24-3/29/24
4/22/24-4/26/24
CSSP-I
May 13, 2024
Aug 16, 2024
Day
5/27/24-5/31/24
7/1/24-7/5/24
CSSP-I
Aug 19, 2024
Nov 22, 2024
Day
9/2/24-9/6/24
10/21/24-10/25/24
CSSP-I
Dec 2, 2024
Mar 14, 2025
Day
12/23/24-12/27/24
12/30/24-1/3/25
2/10/25-2/14/25
CSSP-I
If you don't see the Cohort Start date you are looking for don't forget to check out our online instructor-led calendar.
CSSP-I: Cloud & Security Specialist Program (In-Person Modality)
CSSP-V: Cloud & Security Specialist Program (Live Virtual Modality)
FSCP-I: Full Stack Coding Program (In-Person Modality)
FSCP-V: Full Stack Coding Program (Live Virtual Modality)
Please note that Centriq will be closed on the following observed holidays: New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, the day following Thanksgiving Day, and Christmas Day.
Start Date
End Date
Day/Eve
Break Weeks
Track
Jan 15, 2024
Apr 19, 2024
Day
2/19/24-2/23/24
3/18/24-3/22/24
CSSP-I
Feb 26, 2024
May 24, 2024
Day
4/1/24-4/5/24
CSSP-I
Apr 1, 2024
Oct 31, 2024
Eve
5/27/24-5/30/24
7/1/24-7/4/24
9/2/24-9/5/24
FSCP-V
Apr 08, 2024
Jul 12, 2024
Day
5/27/24-5/31/24
7/1/24-7/5/24
CSSP-I
May 20, 2024
Aug 23, 2024
Day
5/27/24-5/31/24
7/1/24-7/5/24
CSSP-I
Jun 24, 2024
Sep 27, 2024
Day
7/1/24-7/5/24
9/2/24-9/6/24
CSSP-I
Jul 29, 2024
Feb 6, 2025
Eve
9/2/24-9/5/24
11/25/24-11/28/24
12/23/24-12/27/24
12/30/24-1/3/25
CSSP-I
Aug 5, 2024
Nov 8, 2024
Day
9/2/24-9/6/24
10/7/24-10/11/24
CSSP-I
Sep 9, 2024
Dec 13, 2024
Day
10/14/24-10/18/24
11/25/24-11/29/24
CSSP-I
Oct 21, 2024
Jan 31, 2025
Day
11/25/24-11/29/24
12/23/24-12/27/24
12/30/24-1/3/25
CSSP-I
Dec 2, 2024
Mar 14, 2025
Day
12/23/24-12/27/24
12/30/24-1/3/25
2/10/25-2/14/25
CSSP-I
If you don't see the Cohort Start date you are looking for don't forget to check out our online instructor-led calendar.
CSSP-I: Cloud & Security Specialist Program (In-Person Modality)
CSSP-V: Cloud & Security Specialist Program (Live Virtual Modality)
FSCP-I: Full Stack Coding Program (In-Person Modality)
FSCP-V: Full Stack Coding Program (Live Virtual Modality)
Please note that Centriq will be closed on the following observed holidays: New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving Day, the day following Thanksgiving Day, and Christmas Day.