If you’re looking for a new job online, be careful. The FBI is warning that scammers are posting fake job listings using the names of real companies to try to dupe applicants into handing over sensitive information.
The scheme exploits how companies post job listings across a variety of recruiting websites. The fraudsters will do the same by posting spoofed job listings.
The FBI didn’t name the affected job recruitment platforms, but it said in one case the site allowed anyone to post a job, including on official company pages, without user verification. “Those postings would appear alongside legitimate jobs posted by the business, making it difficult for applicants and the spoofed company to discern which job posting was real and which one was fraudulent,” the agency added.
The FBI might be referring to a vulnerability at LinkedIn, which allowed anyone —including unaffiliated users—to post a job listing on behalf of a company, according to BleepingComputer. LinkedIn seems to have since fixed the flaw by requiring job posters to verify the listing through an email address registered with the employer.
The FBI adds that scammers will also replicate legitimate job postings by using the same logos, content, and HR employee names, but change the contact details. The fraudsters will then circulate the job listings across other networking sites.
It’s also easy for job hunters to fall for the scheme since it's customary to provide personal information to an employer during the application process and when the job has been secured. In the wrong hands, the same information can be used to commit identity theft. The FBI also noted the scammers behind the scheme can even try to trick job applicants into sending over money or
Read more on pcmag.com