The rise of employment scams in the digital age

Written by: Mandy Yousif, CFE

Date: July 1, 2023

Read Time: 20 mins

In May 2022, Amal Mukhlis of Ontario, Canada, came across a job posting on Facebook for a remote position at a company named TTEC COMPANY, also called TTEC WORK@HOME COMPANY. Using Facebook Messenger, Mukhlis contacted the recruiter, who directed her to download Google Chat for further communication. The recruiter identified herself as the hiring manager and asked Mukhlis to provide her name, location, the position of interest and a photo — “a clear selfie.”

The recruiter later asked Mukhlis to answer a series of interview questions “ASAP,” which solicited a string of personal information, such as the name of her bank, phone carrier, her payment preference and whether she had a PayPal and/or a credit card account. (See Figure 1 below for samples of the Google Chat conversation between Mukhlis and the supposed hiring manager.)

Within less than 30 minutes of answering these questions, the recruiter had offered Mukhlis a position at the company and asked for her full name, address, phone numbers and email address. Skeptical about the speed of the hiring process and the nature of the questions, Mukhlis reached out to me knowing that I’m a fraud investigator. I advised her to stop sending any information and to conduct an online search of the company. Mukhlis soon came across several online reviews indicating that the company is a scam.

Fortunately, Mukhlis avoided any monetary losses after quickly contacting her bank, phone service and other third-party providers. But not everyone is so lucky. Mukhlis’ experience is becoming increasingly common among job seekers who now rely heavily on social media and online employment platforms. Fraudsters are posting fake job ads through trusted sites, such as Facebook, LinkedIn and Indeed.com to lure victims. And in a practice called spoofing, they’re creating fake email and website domains that make it seem as if ads and recruiting contacts come from legitimate companies — at least to the untrained eye. The scammers then trick victims into sending money and/or their personally identifiable information (PII).

Figure 1 - Samples of the Google Chat conversation between Amal Mukhlis and the supposed hiring manager

Recent resurgence

While employment-related scams aren’t necessarily new, they remain a persistent problem and saw a resurgence during the COVID-19 pandemic when many people were seeking employment through online resources in the confines of their homes. This created an ideal environment for scammers to prey on job seekers during a time of economic uncertainty.

In 2020, the Better Business Bureau (BBB) estimated that 14 million people in the U.S. and Canada were exposed to job scams, resulting in $2 billion of losses each year. (See “Employment Scams Report 2020,” BBB.) But even as unemployment fell to near historic lows last year and law enforcement cracked down on this type of crime, the number of reported jobs scams remained comparatively high, albeit off the peaks seen during the worst of the pandemic. Data analytics and consumer credit reporting company Experian placed fake job postings as one of the top five fraud threats of 2023. And more victims of these scams have been speaking up about their recent experiences through online posts. (See “ Experian’s 2023 Future of Fraud Forecast,” by Alison Hillendahl, Experian, Feb. 1, 2023; “Gustavo Miller’s Post,” LinkedIn; and “ Sinoha Rivas’ Post,” LinkedIn.)

Filthy lucre

The rise in job-related fraud may not be surprising given that these schemes are increasingly making more money for fraudsters. While the number of reported frauds in the U.S. related to business and job opportunities fell to 94,129 in 2022 from 105,809 in 2021, fraudsters are stealing more overall through these scams, according to the U.S. Federal Trade Commission (FTC). Median and total amounts lost to this type of scheme in the U.S. respectively reached $2,000 and $373.5 million in 2022 versus $1,979 and $209.1 million in 2021. That’s way above the median loss of $650 for all scams last year and puts job fraud among the top 10 schemes with the highest median losses in 2022. (See “Consumer Sentinel Network – Data Book 2022,” FTC, February 2023 and Fraud Reports.)

BBB, meanwhile, found employment fraud to be the second-riskiest scam in the U.S. and Canada last year, up from No. 3 in 2021. BBB measures risk by examining three factors for a particular type of scam: overall volumes of that fraud reported (exposure), percentage of reports that involved monetary loss (susceptibility) and the median dollar amount of losses (monetary loss). According to BBB’s data, employment fraud comprised 9.6% of all scams reported in 2022 (up from 7.8% in 2021) and median dollar losses hit $1,500 last year (up from $900 in 2021). Susceptibility remained flat between those two years. (See “Employment scams make a resurgence,” 2022 BBB Scam Tracker Risk Report.)

CFEs and job scams

In 2020, the Better Business Bureau estimated that 14 million people in the U.S. and Canada were exposed to job scams ... Reach out to fellow fraud examiners and you’ll find that many have had direct experience with job scams, either by helping family members lured by bogus offers of employment or at their own jobs. And the scams are becoming more sophsticated. (See “ Fake job scams are skyrocketing online — and they’re getting harder to detect,” by Jaimie Ding, Los Angeles Times, Jan. 12, 2023.) In December last year, senior executives in the human resources department at the insurance company firm Protective Life started receiving calls and emails from individuals who’d applied for jobs at the company. The problem was that they didn’t recognize the applicants or the jobs they were applying for. “It didn’t involve any customers, but since we had what looked like corporate identity theft of someone pretending to be with our company and posting these jobs, we started to look at it,” Ryan Schwoebel, CFE, director of Protective Life’s special investigative unit, tells Fraud Magazine.

After receiving screenshots of the interaction between the fraudsters and the victims, Schwoebel’s team saw that the scammers had taken information directly about the company from a Wikipedia page but changed the wording a bit to make it look authentic. They also used fake web and email addresses that looked legitimate enough to fool those who might not pay attention to subtle differences. “Our company URL, which is connected to our email, is Protective.com,” says Schwoebel. “But the emails and website they saw ended with something like Protectivelife.com.”

When someone applied for a bogus job position, which were all remote data-entry positions, they were interviewed through email and Google Chat — a similar pattern to the introductory case. The fraudsters avoided in-person interviews, or video calls, and then sent job offers using authentic Protective employee names. Applicants who eventually contacted the company heard alarm bells when they received final emails that didn’t contain the word “Protective” but did contain requests to print off the front and back of checks that they were asked to deposit in their banks.

Valerie Scarantino, CFE, ethics and compliance manager of the energy firm, UGI Corporation, had a similar story. When Scarantino worked for the UGI subsidiary Amerigas before the pandemic, someone called her office questioning why she’d received a large check from the company after she’d applied for a job there. “It was something like $4,965, an odd number,” remembers Scarantino. “Fortunately, she had the foresight to call the corporate office and say, ‘Hey, I applied online for this job, and you have sent me a check, but this is a ridiculous amount of money. Is this for real?’ We said, no.”

In 2020, the Better Business Bureau estimated that 14 million people in the U.S. and Canada were exposed to job scams...

Check scams and more

The check scam, with all its variations, has become a favorite ploy among fraudsters who lure victims with offers of employment. According to a 2020 BBB report, 36% of the people who reported job scams received counterfeit checks. (See “Employment Scams Report 2020,” BBB.) Fraudsters might tell the victim that they overpaid and ask them to return the difference or request the job applicant to deposit the check and then transfer the funds to another account to pay for training or equipment. Or they may send a check and ask you to buy a gift card and provide the details of that gift card. That’s what happened to a young interior designer in Canada when she applied for a part-time job and found herself out $2,000. (See “Toronto woman says she lost $2,000 to work-from-home scam,” by Naila Syed, The Toronto Observer, Oct. 18, 2021.) By the time the victim realizes it’s a fake check, the fraudsters have disappeared.

Fraudsters have also advanced beyond the basic check con and are starting to use newer technologies such as cryptocurrencies and other means to obscure their identities, fooling even those who do their due diligence. Take the case of a then-25-year-old woman called Ashley, who in 2020 had reportedly lost her job due to the COVID pandemic and posted her resume on a variety of reputable job sites, including Indeed and LinkedIn.

Here’s what then happened, according to a report from the Canadian Broadcasting Corporation (CBC). (See “Fraudsters create fake Canadian company, steal foreign website to victimize job seekers,” by Nicole Ireland and William Wolfe-Wylie, CBC, Aug. 8, 2020.) It wasn’t long before a technology company called Gux-IT, supposedly based in Vancouver, British Columbia, had invited Ashley to apply for a full-time remote position as a general assistant. Aware that employment scams had been on the rise, she checked the company’s website, the email addresses of the employees and looked up the company’s address. They all seemed legitimate. Ashley thought she’d done her due diligence, but in reality Gux-IT was a fraudulent company.

Even so, there were some red flags. Her manager, who used the free messaging app Telegram, introduced herself as Nancy Garapick, which Ashley later realized was the name of a former Canadian Olympic swimmer and clearly fake. Garapick told Ashley that her first task on the job was to help the IT department buy software and website hosting tools on behalf of clients. The manager said the company would regularly replenish a digital wallet that held Ether — a cryptocurrency — so that Ashley could pay for these products. But first, Ashley had to create the “work” wallet by depositing $2,000 in a cryptocurrency ATM after they wired that money to her bank account. Ashley followed the instructions only to discover that it was a scam. Her suspicious boyfriend drove to see if a Gux-IT office existed in the buildings that Ashley had originally searched for through Google Street View. It didn’t.

An investigation later found that the fraudsters had essentially replicated the website of Synebo, a legitimate company based in Ukraine, and replaced its name with Gux-IT instead. The scammers had even stolen the name of the supposed parent company — Gux Enterprises Ltd. — from a resident of British Columbia who had planned to start an equipment rental business.

Jeff Thomson, senior intelligence analyst at the Royal Canadian Mounted Police’s anti-fraud center, was quoted in the CBC article saying that these types of scams are often about using fake employees to launder dirty money through cryptocurrencies, which are harder to trace. Experian also warns that victims of work-from-home scams could be used as mules not only to transfer dirty money but to reship stolen goods. (See CBC article and Experian report.) This type of employment scam is just one of many that fraudsters have up their sleeves. [See sidebar: “Types of employment scams” at the end of this article.]

Perhaps more importantly, fraudsters are willing to spend considerable amounts of time on job scams to extract personally identifiable information (PII), which can be even more profitable for scammers and damaging to victims. “You could potentially become victim of something bigger like identity theft when all you were trying to do was get a job,” says Tiffany Smedley, CFE, an investigator at the FTC.

Sherri Jablonicky is an associate member of the ACFE and senior vice president of fraud and security at Community First Credit Union in Appleton, Wisconsin. She remembers how fraudsters had spent weeks trying to court her daughter for a fake virtual health-coaching job. “I had never seen a job scam where fraudsters have spent so much time communicating back and forth to make this come across as real,” says Jablonicky.

Jablonicky helped her daughter as she became increasingly suspicious after going through several interviews done through messaging platforms. Eventually they emailed the company at its headquarters in Minneapolis and were told that several people had already called them about what was a fake job ad.

“We saw red flags — the whole ‘we want a copy of your passport.’ Well, no employer is going to ask for that,” says Jablonicky. “They get your information through your passport and driver’s license, and they end up having your Social Security number, which in the long run makes your life a real nightmare.”

Impersonated companies and what they can do

It can be difficult for companies that are the focus of employment scams but have no control over who’s applying for bogus jobs and are probably only seeing a fraction of what’s going on behind the scenes. That’s why it’s important to report crimes to the FTC, the FBI’s cybercrime and fraud specialists, and the Canadian Anti-Fraud Centre. “A lot of times the company that is being impersonated doesn’t have any legal authority to go after the bad guys,” says Schwoebel. He says FBI cybercrime specialists are best qualified to garner the data and connect the dots.

“One of the most important things people can do is to report the fraud and let us know what is happening,” says the FTC’s Smedley. “If we know something, we can potentially take action to stop it and go after the scammers.”

But in terms of prevention, often companies have limited options, except to educate employees and the public about such scams. When calls and emails from applicants asking about bogus jobs skyrocketed in January, Protective Life quickly posted a fraud alert at the top of its careers page. It warns the public that the company would never ask for banking information and only communicates through its domain, @protective.com. It also directs people to another webpage with information on whom to contact should they be a fraud victim. Since then, Protective has received fewer inquiries about this kind of fraud, says Schwoebel. (See “Important notice,” Protective.)

Protective has also put together some basic security protocols for senior executives, advising them to reconsider before making connections on social media like LinkedIn. “If you don’t really know who someone is, do you really need to make that connection request?” asks Schwoebel. “Are they potentially looking to exploit your information?”

It seems that business impersonation cuts across all industries, but Schwoebel suspects that fraudsters favor companies with higher profiles. A better-known name provides some legitimacy to the job posting. Leading up to the surge in job scams, Protective had made a series of mergers and acquisitions, and was regularly in the news. “Fraudsters are trying to dupe people into that initial appearance of legitimacy,” Schwoebel says. “As companies get larger and get their name out there, that is great for business, but it also puts a bigger target on their backs.”

Mandy Yousif, CFE, is COO and partner at consultant Specialty Risk & Intelligence Services (SRIS). Contact her at Mandy.Yousif@sris.ca.

[See sidebar: “Doing your due diligence” below.]

Anyone can be fooled by job fraud, but here are some red flags to watch for when seeking employment.