Job frauds in India have increased from the popular BPO scams to the ‘cash-for-job’ offers, and there are many ways you can get conned by scammers running deep-rooted job scams across the country. These scamsters ‘offer’ jobs to people, claiming to be from major MNCs while offering attractive packages and ask them to send in some cash or share bank account details to complete formalities.
Venkat Krishnapur, Vice-President of Engineering and Managing Director, McAfee India talks about safeguarding from fake job offers, and the solution to tackle such scams.
How do candidates get singled out by cyber criminals in job scams? How can job seekers protect themselves from being duped in such cases?
As the world gets more competitive with many industries offering great employment opportunities for people, parallelly, cybercriminals have created a fledgling industry out of fake job rackets. Cybercriminals are leveraging the aspirations and vulnerabilities of applicants who want to secure a lucrative job to extract money and personal information in the easiest possible way. Their target can range from freshers to experienced professionals looking for a career move by masquerading themselves as big brands promising jobs with great compensation and benefits. Phishing sensitive information such as the applicant’s bank details via email, in addition to requesting for an upfront payment are some of the common tactics used by cybercriminals to lure unsuspecting candidates.
In such situations, it is always advisable to step back and check the source of both the ‘from’ and ‘to’ addresses in the email. Also check the URL the email wants to send you to – that is often a big giveaway of a phishing email even if the content of the email looks authentic. A genuine email from a potential employer should never ask you to supply any of your security information. Applicants should also be aware that recruiting through text messages or instant messages is not a legitimate practice and can redirect you to a potentially malicious website.
Why have cybercriminals started targeting potential job seekers and why this space is becoming a hot bed for cyber frauds?
Candidates today are mandated to upload personal information such as their date of birth, educational qualifications, residential address and other personal data specific on job listing portals. This data thus attracts cybercriminals who then extract individual information to carry out cybercrimes such as extortion, bank frauds and identity thefts to name a few.
Cybercriminals often use these portals to reach out to unsuspecting candidates and upload malicious documents in the guise of PDFs or power point presentations. Most of the job portals are unaware of such activities as they often don’t have a robust security architecture to deter fraudulent job solicitors. Cybercriminals use social engineering tactics to create an urgency which compels the user to give in to the demands of the imposter. With a general lack of awareness on safe internet usage, cybercriminals can effectively achieve their goals with just one room and a laptop with an internet connection.
Duping in the name of any company might bring some bad name to it. What can companies do to tackle job scams, or what is the solution?
Cybercriminals replicate job offers or employment letters of reputed organizations by including company logos, letterheads taken from official websites and also add convincing personal details sourced through social networking pages of the official recruiter. Recently, the cybercrime cell of Hyderabad requested job listing websites to carry a disclaimer warning people of possible frauds on their homepage owing to the spur in job frauds.
While there is no hard and fast fix to immediately end job frauds, companies and job seekers need to imbibe a culture of cybersecurity to ensure that the data of both the employer and applicant is not compromised. Companies can strengthen their internal communications to ensure that their recruitment policies and processes are well understood by their employees, who will in turn ensure prospective employees do not fall prey to false job offers. Uploading information on best practices to be followed while applying for jobs online and apprising the user on potential cyber threats can go a long way in educating users. Also, in case a company notices their names being used for fake job advertisements, they should flag this to the authorities as well as issue an advisory to prevent potential job seekers from falling prey to these false advertisements.
Job scams are not reported quite often and yet the number is rising. How does cybersecurity come into play?
Most job frauds take place because victims are unaware of the telltale signs of a possible scam. A lot of these offers are for Work-From-Home jobs as it is easier to break into a home network by spreading malware hidden in the form of ‘offer letters’. It is advisable to invest in a Virtual Private Network (VPN), a piece of software that creates a secure connection over the internet from any access point. In addition to this, one could choose to use a firewall to block unauthorized access to personal devices. A firewall comes as part of a comprehensive security software. Additionally installing software that warns users of suspected malicious links would be highly useful in ensuring phishing attacks are minimized.
Users should be vigilant of the personal details they share on job portals and use strong passwords. Hackers use this information to impersonate the victims online or guess passwords and other log in details to bank accounts. It is also important to keep oneself updated on the evolving scams affecting the cyber world to ensure one does not fall victim to them.
How can awareness be spread among consumers to shield themselves from cyber frauds in this domain?
Most cyber frauds take place when they are least expected, and it is therefore important to keep an eye out for signs of a possible breach. Job portals should run awareness campaigns educating the masses on methods adopted by scammers to dupe candidates in lieu of a job and motivate them to report frauds, should they fall prey to one. Social media is an effective medium today when it comes to spreading awareness. Brands must therefore utilize these platforms to update prospective candidates on their employment policies and run warnings and tips on identifying a recruitment fraud.
Candidates too should pay attention to the finer details such as the URL of the ‘employers’ website and email account being used. Double check to see that the browser URL begins with “https” rather than “http.” The “s” indicates the site is secure. At the end of the day, one must also rely on one’s intuition and decide if the online job offered is authentic or not – if something on the internet seems too good to be true, users must be extra careful to first verify that it’s not a scam.