The remote work scam that’s blowing up in the recruiting industry

It was a Sunday evening, and Jane Clark, cofounder of BrandSwan, a small digital marketing firm in Newark, Delaware, was alerted by her communications manager that they had received an alarming message. Someone has messaged them saying they’d been hired by BrandSwan but they weren’t sure it was legit.

Clark knew immediately that the person messaging them had not been hired. Nobody had. Because BrandSwan is run by a very small team who hadn’t been hiring.

“We kept getting more and more requests that night,” Clark told Technical.ly. “Voicemails and LinkedIn messages — I was immediately on it for two straight days.”

Clark set up a form on BrandSwan’s website for people to report fake recruitment messages that claimed to be from them, allowing them to track some of the Gmail addresses that the scammers were using and report them to Google.

It’s not the first time a small, tech-forward company has been hit by a recruiting scam.

The grift

“The whole scam is basically to pretend to be BrandSwan and act like we’re hiring,” Clark said. “And then what happens after that is that an email list of people get notified that they applied for this job, and they got it.”

The targets didn’t apply to work for BrandSwan, but some assumed that the company found their resume on Indeed or a similar job site. Active jobseekers may have applied to so many jobs that they didn’t question it, especially since it was the kind of job that was highly sought after: a well-paying remote job as a graphic designer.

While many of the more than 100 people who reported the suspicious message did so after the first contact, some responded to the initial email, which informed the recipient that they were scheduled for a virtual interview at a certain day and time.

At least one person contacted Clark after the interview stage.

BrandSwan is a woman-owned company with women in its leadership roles. The interview was with two men who appeared to be somewhere overseas.

Once the target is “hired,” they’re told that they’re going to send them some money to help them get set up with office expenses, which requires the target to give them their bank information, which they say they’ll also use to send your paychecks.

Text from a scam email reported to BrandSwan. (Courtesy image)

Organized, human-driven cybercrime

Cyber scammers are becoming increasingly organized, said David Burleson, manager of technology search for StephenDouglas, a national executive search and recruitment firm with more than 20 years of industry experience.

It’s called “spear phishing” — when you’re the focused target of a resourceful and organized group.

Even with the rapid rise of AI technology, some of the most potentially damaging scams are relatively manual, with real people having real interactions with the scam targets.

“I think there are some organizations, and it’s hard to say exactly where they are located, that have a number of very organized scams,” Burleson said. “You’ve got an organization of 100 people that are running this super organized scam and they have the technology to back it up. They’ve covered every single base. That’s some frightening stuff.”

The rise of remote work has been a catalyst for recruitment scams, said Chris Glanden, host of the cybersecurity podcast BarCode. A big part of it is that it’s much easier to fake an interview process when virtual hiring is a common thing.

“You’ll never get this scam for something where you need to go in and meet with someone in person, so it’s always remote,” Glanden said. “The spike really happened since remote work became more prevalent during the pandemic.” (Case in point: Philadelphia-based software consulting firm Arcweb was hit with an extensive recruiting scam — it’s first — in December 2020.)

Then there’s the fact that remote work is still popular for jobseekers, while a lot of companies are pulling away from it, adding value to remote jobs in general.

“When you’re operating 100% remotely, there’s only so much you can verify, and depending on the complexity of the scam, they can hijack real email addresses and can even set up full-blown portals where it’s very difficult to tell,” Burleson said. “People are busy and what I see most often is candidates that have been laid off are looking for jobs, and you’re talking to so many people that you don’t have the time to dig in to research every one.”

Time consuming as it is, research is what jobseekers need to do with every hiring company they interact with, he says, including verifying that the person you’re talking to exists and verifiably works for the company.

How spoofed companies and jobseekers can work together

Alerting the company that’s being spoofed is also important, even though they’re likely to be getting hundreds of reports. In BrandSwan’s case, those reports helped them put a stop to it — but not before the scammers tried to get them to pay them to stop.

“Most people would say don’t stir the pot, but I was feeling frisky that day, I guess, and I responded to one of their emails like, ‘Listen, I know what you’re doing. Stop it,'” Clark said. “And he said, ‘Sure. Just pay $5,000.'”

That requested transaction, which was to be paid through a cryptocurrency account, did not happen. Clark continued to report them, and, within a couple of weeks, it stopped.

“One day I just didn’t get any reports” through BrandSwan’s website form, Clark said.

She credits the would-be victims for their help in stopping it.

“I’m really proud of the process that we did,” Clark said. “We used technology to create workflows, so someone would fill out the form, my software would reply to them letting them know all about the scam and where they can find more information. Then I would check and see if the email address that they reported was one I hadn’t known before. What’s really cool about this is that it gave everyone a platform.  … Without their help, I wouldn’t know all the email addresses they were using. So, power to the people.”

In the end, BrandSwan protected its reputation — recruiting scams hurt companies by making them look like the scammers — and helped some of the jobseekers who’d been victimized.

“The saddest part was talking on the phone with one of them,” said Clark. “He was so disappointed that the job opportunity wasn’t real. That just broke my heart. So I said to anyone who reported and was looking for a job, send me a resume, I’ll look at it for free and help you get placed, just to offer some goodwill back. I wish I could hire all of them.”

Tips for avoiding recruitment scams

Recruitment scams are only getting more complex and more common: “I’m actually shocked by exactly how prevalent it’s become,” Burleson said. “It does seem like it’s blown up in the last three to six months.”

You can protect yourself as a jobseeker with vigilance.

“It’s difficult to be 100% safe from organized spear phishing,” he said. “But there are some basic rules of thumb and steps that you should always take if you are contacted on the web regarding a job opportunity.”

Burleson advises jobseekers to trust, but always verify and listen to your gut. More specifically, he advises:

• No organization will ever ask you for any financial information. “The only exception I’ve ever seen was a request for routing information if you want direct deposit, and that isn’t required. Simply decline.”
• Verify everything about the person or people you speak with — name, title and location. You should do that as best practice for any interview. These are perfectly normal questions in the interview process. If the LinkedIn profile(s) match, but you have any reason to feel uneasy, fire off a few causal questions about the LinkedIn background they claim. “Great to meet you, when did you start at ____?” Any hesitation would be a reason to dig further.
• Verify the email domain where any messages originate from. Don’t click or download anything, and only provide information directly to the company website — never through a link they provided.
• Don’t be afraid to ask questions. Companies train their employees to be wary of outside information requests because companies are phished, hacked and are constantly targets of cyberattacks. Legitimate companies will respect and appreciate your due diligence and caution.

If you’re looking at a suspicious recruitment email (or any recruitment email, really), you can also do what many of the targets of the BrandSwan recruitment scams did and find the company’s website and social media pages. There, you can inquire about whether the initial email is real, potentially saving you from moving past the first contact stage of a scam.