Employers, beware of scammers hijacking your identity to commit job recruitment fraud

Photo of applicant completing an online job application on his laptop

Just when it seems that consumers have caught on to one particular online scam or phishing expedition – think of the ubiquitous Nigerian prince email scam that first began making the rounds in the 1990s – a new one comes along.  By now, the list seems endless: online dating scams, bank and credit card scams, fraudsters posing as charities, social media quizzes designed to collect personal information, and lottery scams. Now you can add to the list another one that’s significantly gained in popularity since the start of the pandemic: job recruitment fraud.

In this type of scam, fraudsters impersonate an employer’s recruiting, interviewing and employment team, create bogus job offers, and target job seekers by using fake websites or fake email addresses. They then post the fraudulent employment opportunities with the company they’re impersonating in order to obtain sensitive personal and financial information from the unsuspecting employment applicant.

Some fraudsters go so far as to impersonate a company’s former employees, communicate with and hold interviews with applicants, and even extend job offers on behalf of the company. Employers have even reported individuals showing up for their onboarding meetings when a job requisition has never been opened. Occasionally the scammers request payments as part of their fake recruitment process.

Like other online scams that seek to separate people from their personal information and money, job recruitment fraud is not a victimless crime, and employers may face reputational harm if they don’t take steps to minimize their risk of being impersonated, or to promptly respond if recruitment fraud occurs.

Taking action against scammers

So, what should you do if scammers hijack your company’s identity as part of a job recruitment scam? First, take immediate action to get false domains taken down and report the fraudulent domains to the appropriate registrars. In some circumstances, employers may also consider submitting a UDRP (Uniform Domain-Name Dispute Resolution Policy) complaint in order to gain access to the domain for your company. Second, we recommend that you post a scam alert on your website to advise individuals of the recruitment fraud incident and to provide them with information about your recruitment process so they can avoid falling prey to fraudulent activity.

To combat these scams proactively, employers should seriously consider updating their job postings, social media, and websites to provide specific information about their recruitment process. For example, employers should identify authentic email addresses that will be used by the employer for recruitment purposes, inform applicants that they do not use text messaging for recruitment, and identify specific webpage(s) as containing authentic information regarding company job postings. In addition, employers should notify job applicants that the employer will never ask for a financial commitment from an applicant as part of the recruitment process, and that all interviews will be conducted in person or through video conference invitations from official company emails.

If you need assistance with a recruitment fraud incident or preventing one, please contact your McAfee & Taft attorney.