Kurt Schiller noticed a weird message come through Arcweb Technologies’ chatbot late last Monday night.
The message was from someone inquiring about a job that the software consultancy wasn’t currently hiring for. It was odd, the head of marketing recalled. But Schiller didn’t give it much thought until during work hours the next day.
“Then, Tuesday, a colleague in the marketing department told me she’d gotten a LinkedIn message from someone asking if she was really the person they’d just had an interview with,” Schiller told Technical.ly. “The person was saying they’d felt fishy about the interview, and the subsequent job offer and fact that they were about to send me a check for remote work equipment.”
It immediately reminded him of the message the night before, Schiller said. By the end of the day Tuesday, multiple staff members had received messages on LinkedIn and through company communication channels with similar stories. People were reaching out because they’d just had an interview with someone on the team, and received job offers within the span of a day or so, and something felt off.
And they were right.
For an unknown amount of time leading up to last Monday, scammers had been posting phony job openings on popular job-seeking sites such as LinkedIn and ZipRecruiter (which often auto-populate jobs from one another, along with Indeed). The scammers used similar titles to ones Arcweb had used in the past, and in some cases, exact language from older job postings.
Unfortunately, a phishing scam has posted fraudulent Arcweb job listings on ZipRecruiter, LinkedIn, and elsewhere. We are doing our best to have the postings removed.
In the meantime, please don't provide any personal info to anyone claiming to be an Arcweb recruiter. Thanks.
— Arcweb Technologies (@Arcweb) December 2, 2020
And when they called to perform interviews with applicants, they often used real names from people on staff, Schiller said.
“That’s one of the creepiest things about it,” Schiller said. “The scammers were using the real names of people at Arcweb, pretending to be us. So the messages coming through on LinkedIn were from people thinking they’d just talked to us.”
They believe the scam went like this: After applying, the scammers would set up an interview through some virtual phone system, such as Telegram. After a quick interview with someone posing as an Arcweb employee, they’d be sent an offer letter asking for the applicant to attach a copy of the front and back of their photo ID. They also said they’d be sending a check to purchase remote work equipment.
The Arcweb team isn’t entirely sure of the motivation behind the scams, other than the obvious collection of personal information. In some cases, he said, applicants were even asked for their green card information, if applicable. Over the course of last week, the company heard from nearly dozens of people who’d seen a job listing, performed an interview or gotten a “job offer,” Schiller said.
"The heartbreaking thing is we have no way of knowing how many people were actually involved — probably at least few dozen."
Although the jobs used similar language to ones posted in the past, they were mostly entry-level positions the company isn’t hiring for right now, he said.
“The heartbreaking thing is we have no way of knowing how many people were actually involved — probably at least few dozen,” Schiller said. “We think between at least 30 and 60 people.”
Once they’d heard about the scam, the leadership team immediately began work on figuring out where the postings were coming from, reporting the scam to authorities and reaching out to the sites that were hosting the fraudulent listings. Arcweb posted about the scam on its website Wednesday, telling folks that if they recently applied to a job at the company anywhere outside their internal company page, they might be a victim of this scam.
“Legitimate Arcweb employees will never ask you to provide personal information or ID via email or telephone as part of any hiring process, and so under no circumstances should you provide any personal information to any recruiters, or make any purchases at their request,” the post says. “You should cease all further communication with these individuals, and under no circumstances should you click any links that they may have sent you.”
The company also suggests reaching out to law enforcement if an applicant has provided any personal information to the supposed Arcweb rep.
Another troubling discovery Schiller said the team made last week was that LinkedIn effectively lets anyone post a job for a company. The user doesn’t appear to have to be employed there to create a job listing for that company.
LinkedIn does address the issue of scam job postings on its help page: “Scammers create false identities or impersonate legitimate people or companies,” it says. “Their goal is to steal your money or in some cases, your identity.” But because content on the site is user generated, the platform does not endorse or guarantee job materials posted there. LinkedIn did take action to remove the posts, however, after Arcweb reported them as spam.
By the end of the day on Thursday, Arcweb had gotten most of the listings removed, and by Friday, had gotten fewer and fewer messages. Since last weekend, they’ve gotten maybe three messages, Schiller said, whereas the same time last week they were receiving two or three an hour. The team’s still keeping an eye out for new listings to pop up.
Other local tech companies have been in his position before, including Roundtrip and Exyn Technologies.
“Businesses are inundated with online scams, but this is the first time our employees were impersonated in live conversations,” Arcweb CEO Chris Cera told Technical.ly. “It’s upsetting that LinkedIn is effectively helping their users get fooled by promoting these fake jobs alongside our corporate pages and employee photos.”
It appears it’s not a new scam. Professional development sites host articles about how to protect yourself from common job-seeking scams, and ways to protect your personal information in job-hunting.
Cera reached out to a network of business owners via an email listserv to warn about the scam, and found that others have been in his position before.
A staff member at drone company Exyn Technologies confirmed to Technical.ly that a similar situation had “happened to some folks on the team.” And Mark Switaj, CEO of healthcare transportation startup RoundTrip, told Technical.ly that his company went through a similar situation about a year ago. He shared an email the team received last December:
“I was hired by your company as a ‘work from home’ administrative assistant,” the email reads. “I was to be online at 8:00 to get my supervisors information. I was ready and waiting by 7:58 am EST. I reached out to the recruiter a million times and still no response. Did I get scammed by someone just using your company.”
That email was the tip of the iceberg, Switaj said. They learned of at least two others who had gone through the same experience via posts on LinkedIn, and encouraged anyone effected to contact the Federal Trade Commission.
“Fortunately after we notified the FTC, the posting sites, and shared support with those affected, the noise stopped,” Switaj said. “It will always be on our radar!”
Since last week, Arcweb has taken steps to ensure applicants seeking out jobs with the software company are getting the real thing. They’ve shared a blog post explaining the scam, and turned off the function where jobs posted internally get shared on other job sites like ZipRecruiter. They also reached out to each of the job boards involved to suspend posting for jobs under the company.
Schiller’s advice includes keeping aware of what’s internally posted, and an eye out for future job listings on external sites. Multiple resources for fighting scams also reiterate that applicants should never have to pay for a job, or provide bank or personal information, and that they should check the legitimacy of the email addresses they’re conversing with.
While the scam affects the company’s reputation, Schiller said, he and leaders like Cera are mostly worried about the folks who may have been caught up in it.
“Most people were very understanding about our involvement in it,” Schiller said. “But more importantly, they’d just gone through a stressful and confusing situation. It was very much a top-to-bottom effort for dealing with the scam, but where our concern lied was mostly with the people who may be victimized.”-30-
Future Works Alliance PHL launches to shape and grow Philly’s workforce
‘Top transitions’ could aid workers who lost their jobs amid COVID-19, says this Philly Fed report
RealLIST Engineers 2020: Meet 21 influential technologists building a better Philadelphia
Meet the 42 young pros in Leadership Philadelphia’s 2020-2021 Keepers cohort
Sign-up for daily news updates from Technical.ly Philadelphia