Don’t Fall For This Scam
We’ve written several blogs on how to spot a fake hiring scam before, but we wanted to warn you of a new, very elaborate scam we’ve encountered recently.
It started with an email.
A friend of mine named Carol was applying for jobs. She received a very official-looking email from someone offering her a job with a similar title to the one she was interviewing for with many other companies. The email detailed a marketing position, the title, the pay, and asked if Carol was interested in an interview. The problem? Carol never applied with this company. However, she kept good records of every place she did apply to, and there was one organization with a kind of similar name and a kind of similar job position. She wanted to make sure this was NOT that position.
The first thing Carol did was check the email address. It said something along the lines of jsmith@company.co — it matched the email signature which said something like Jay Smith with Company.co plus it provided a photo of Jay Smith. Carol then searched for Company.co online and easily found it. She looked at the Careers page on the site, and all it said was that they were actively hiring and encouraged anyone interested in their company to reach out.
Everything seemed fine. Carol was still a little unsure about it, but then she received a text message. She provided her cell phone on her résumé and in her applications, so it was not unusual for a company to have that. The text was from Jay Smith, asking Carol to verify that she received his email because he was worried it went to spam. Carol reassured him it did not and said she would be looking at it later. Jay thanked her and said he anxiously awaited her response.
She re-read the email. Searched the company again. Looked for them on social media and found they had an impressive following. The names all matched, the logos matched, everything really did seem above board, but something about the whole ordeal was bothering Carol.
Still, Carol decided to reach out. She asked what the job position actually entailed as a list of duties had not been included in the original email. Jay responded saying they would give Carol details once she agreed to an interview. That was a big red flag. Carol pushed further for the exact job description, but Jay just kept saying she would receive it during the interview. While Carol debated over what to do next, Jay sent her another email with the ‘President’ of the company copied into it. The president’s name was something like Jack, and he said he looked forward to interviewing Carol for the position. He too had an email signature with a photo.
Before agreeing to an interview, Carol then asked how Jay discovered her. He said he used a recruitment company. Carol researched that company as well. They were very official with a large social media following and a nice website. However, the whole thing did not sit right with Carol. She never went through a recruitment agency; in fact, she wasn’t sure how an agency would even get her information. Plus, that particular agency specialized in the medical field, and Carol was looking for a job in marketing. The salary listed in the email bothered her because it was much higher than what others were offering. Finally, she knew something was very wrong since this Jay person would not give her the job description. Bonus: Jay — and now Jack — were sending her several emails, pressuring her for an interview.
She searched up Company.co again, but this time she looked at the URL. When she typed in company.co into her address bar, the URL was automatically changed to company.COM. Many companies have these sort of redirects automatically set up to help get customers to their site in case they make a typo. However, those redirects will not be included in email addresses. If someone emails you from a company, it will be from the MAIN url. Carol double checked the email address, and it said company.CO and not company.COM.
That confirmed that the email she received was fake. Next, she reverse Google image searched the man’s picture in the email signature for Jay. She immediately found him. Only, his name was not Jay. It was something like James. And James didn’t work for Company.com or Company.co, instead he worked for a completely different company altogether. She found his information on the company’s staff page. He had nothing to do with recruiting or HR. He was the vice president of the company. With this information, she backtracked to LinkedIn where she found his profile. It confirmed he never worked with any sort of Company.co.
She reached out to him and asked if he was the one emailing her. He was not. In fact, he was at a technology conference in Dubai at the time. She then did the same thing for Jack. He too was a real person that never worked for Company.co and he, in fact, never worked with the real James. His name was also actually John.
Carol went back to Company.com and reached out to them, asking if they were hiring in marketing. Company.com got back to her and confirmed they used a redirect so that if anyone typed in Company.co they would get to Company.com, and they also confirmed they were NOT hiring anyone in marketing.
It was a scam, and a good one at that. They knew the type of jobs Carol was searching for, and they used the real company’s logos. They chose names almost identical to real organizations, and they used real people’s photos they found online (although not their true names, but they got close using Jay instead of James and Jack instead of John — they did use the exact same last names as these fake people’s real counterparts). Finally, she searched up the cell phone number she received the text from and found it was a burner number purchased through an online service.
Carol was not one to be deterred. She replied back to the fake email, said she knew it was spam and that she had reported it to the correct company.
She thought it was over.
It was not.
A few days later, Carol received a text message from a different phone number. It addressed her by name. It said it was from a company that discovered her information on a job site (yes, it was a site she used frequently). The text was from someone named something like Mary. This Mary person said she wanted to reach out quickly to see if Carol was interested, and if so she would set up an interview.
Carol felt this was a scam, but this time around they knew one of the job sites she was using, so maybe, just maybe, this was real. Plus, she quickly looked up the phone number, but this said it was unlisted so it had a bit more of a legitimate feel. She responded saying she was interested. Mary gave her a code and asked her to message that code to the company’s HR department through Skype so they could set up an interview time. When using Skype (for those not familiar), you sign up with an email address and send messages using that, so Carol saw no problem in moving onto the next step.
Carol followed instructions. HR responded, and then immediately tried to video call Carol, which she hung up on. She sent a message saying she wanted to schedule a time, not chat right at that moment. The HR person responded saying they understood. Then they said something strange: they were sitting around, waiting on Skype all day, so any time Carol wanted to call she could. She did not need to set up a specific time.
Carol then asked if they could provide more job details before she scheduled a time, and that’s when they said: you will get more information on the job description once in the interview. It was worded the exact same way as when it came from the Jay Smith person days before. It was the same people. Different tactic this time with texts, a different company name, different job title (though still in the same field), and a different interview situation through Skype. But, it was all the same wording. Throughout this entire time, the HR person was messaging Carol insistently through Skype, pushing for an interview.
Carol blocked them on Skype and reported them to the site where they claimed to have found her information. For the next two months, she received emails and text messages from different numbers and addresses, all offering slightly similar job positions from somewhat official looking accounts. Carol ignored them, and in time, they left her alone. She has not received one of those messages for six months now.
So, what was the point? Carol did a lot of research on what scammers were after, but this scam doesn’t seem to be well documented online. In our expertise, we believe that they were hoping to lure Carol into an ‘interview’. Once there, they would tell her she received the job, and then they would ask for personal information — information such as bank numbers for a ‘direct deposit’ or even a social security number for ‘tax purposes.’
She was never sent a link to click or a file to download. Each time, they just really tried to pressure her into an interview to get more details.
We wanted to pass this story along to try and keep you all safe. Carol has no clue how these people received her information. Our best guess is one of the job listings she applied for was fake, but the scammers didn’t use the same company name on the ad as they did to contact Carol — scammers often do this because their listing gets removed by job sites the minute they are discovered as scams. Carol no longer uses the particular job site the scammers mentioned in their text.
If you EVER feel in your gut like something is a scam, trust yourself. Walk away and find something different. But, if you’re just not sure, here are a few things to look for:
- Check the end of the email address (the part that comes after the @) to see if it matches the exact company website — remember, .co and .com are two very different things.
- Reverse Google image search any photos of people you see.
- Don’t be afraid to reach out to people via LinkedIn or through the company’s website/phone number.
- Search for any phone numbers you are provided. If the person is using their personal cell phone, ask them to provide their official phone number with the company.
- If you do get into an interview that seems strange, don’t be afraid to leave it.
- NEVER give out personal information in an interview such as a bank account routing number.
Carol is very familiar with job scams, and she was very careful when she interacted with these people. She told us that from the beginning she figured it was a scam, but she was curious to see what it was all about (and if it wasn’t a scam by some miracle, that would have been awesome). That is why she pursued this so far. She also ended up working closely with the real Company.COM and the two people that were impersonated during that first round of the scam to combat that and get it reported online; she said when she realized the email address didn’t match, that’s when she 100% knew, but she wanted to make sure no one else truly fell for their scam so she kept going with it.
Again, if you ever feel like something does not add up, please walk away from it!
Do you have any job scams you’ve encountered recently? Reach out and tell us about it so we can share it to keep everyone safe.