How to Tell if a Job Offer is a Scam
Apr 18, 2024
Subject: Invitation to Interview
When you're looking for a job, few subject lines popping into your inbox will bring you greater joy than one that invites you to an interview. When Samantha got this email, she was thrilled. She hadn't heard of the company, but the position they were asking her to interview for matched her skillset as a developer. After checking the company out she saw that they seemed to do good work, had good reviews, and looked legit. She replied right away to get something scheduled.
Their reply was a little odd - they asked her to download an app to connect with their hiring manager. They were already conversing via email, why would she need to download another app?
This was a big enough red flag for Samantha to go back to the company's website, and find another way to contact them to ask if this was a legitimate offer.
The company she believed was reaching out to her was ours. Yoko Co.
Only, it wasn't us. Someone was impersonating us to try to scam Samantha (whose name isn’t actually Samantha). If your company is currently the target of a similar scam, I shared How to Stop Employment Scams from Impersonating Your Company or Organization, which details how to get this kind of scam taken down.
While we were doing the work of removing this scourge from the internet, I was curious to know what this scam looked like from the inside. Was it compelling? Convincing? What was the end game? Would anyone actually fall for it?
So, I asked my friend, Erik Gibbons, if I could impersonate him as my cover identity. He graciously accepted, and I set up a new Gmail address to use as I prepared to go deep undercover. I used this address to reply to the email I'd "received" (I just replied to the one Samantha forwarded, and edited the fields to make it look like it had been sent directly to my cover email address.)
I waited, eagerly, for a response. Unfortunately when I went to log in to the newly created inbox to check for a reply, Gmail informed me that the account had been suspended, as it was suspected of being used inappropriately. Fortunately, you can appeal these suspensions, and so I did. There isn't much room to explain the situation, so I tried to make it brief:
"Someone is trying to scam people, and I set up this account to find out who it is and stop them.”
I didn't think it would work.
It did.
Clearly someone at Google wants the good guys to win a few.
Before long, James Steve (never trust someone with two first names) replied and told me to download Wire Secure Messenger (Wire is well aware of this issue). This has to lose them a ton of people, and I have no idea why the scammers have landed on this app as the one to use to conduct interviews instead of email, but sure...
So, I download Wire, create an account, and reach out to @MelindaKarl9, which seems very legit. "She" replied, and asked me for a confirmation code, which it turns out they had included in their very convincing Pre-Interview Company Briefing, attached to the initial email. I copied and pasted the code in, and admittedly, this does give it a renewed air of legitimacy.
"Melinda" informs me that this will be a text interview, and it should last about 50 minutes. The air of legitimacy vanishes like smoke dispersed by the red flag "Melinda" is waving in my face. Nevertheless, I play along and agree, and we schedule an interview for Thursday at 11:00 AM.
While I'm waiting for Thursday to come, I and some other members of the team wonder about the nature of the scam. Is this a professional operation, where they route all the interviews into a call center somewhere and make a volume play, similar to the recent rise in awareness of Pig Butchering scams? Or is it maybe just an API routing communications through an AI so the scammers don't even need to be present?
In this case, probably neither.
I signed on promptly at 10:59 AM and messaged Melinda:
I tried again at our agreed upon time.
Finally... their interview questions are lackluster. Essentially a series of generic "developer" questions, clearly designed to dupe unsuspecting victims into believing they were dealing with a legitimate company. Testing the waters, I threw in random jargon and acronyms, and sure enough they seemed impressed with the answers. The interview concluded and they showered me with congratulations and promises of employment.
🎉
Here is where my journey comes to an abrupt end... while I was playing along with the interview process, we were also working to shut down the scam entirely. I thought it would take a few days or a week, but it ended up only taking 2 days. (Hooray? I guess?) And so, on Friday as I anticipated my "acceptance letter" from... my own company, I got word from NameCheap, the domain registrar the scammer had used, that they had shut the offending domain down.
Heartbroken, I had to know how the scam ended. Thankfully(?), some of the people who went a bit further in the process were willing to share their stories with me.
After the "interview," official "paperwork" was emailed which included a vague job description, and also a payroll form, which required a lot of sensitive information including a SSN and banking info for purposes of payroll.
Another curious soul filled out these forms with bogus info just to see what comes next. They found that to keep the victim busy, they are sent a set of dubious assignments, which, upon researching, seem to be lifted straight from sites like Upwork and Freelancer.
Of course, during this time period they're busy exploiting this personal information in an attempt to siphon funds from their victims’ accounts. These scams often originate outside the US, though frequently utilize US intermediaries to facilitate the transfer of funds out of the victims accounts, and then move any scammed funds overseas. This leaves only a trace of a paper trail, and little recourse for victims who find their accounts that much lighter as a result of the scam.
Major thanks to the folks who brought this scam to our attention and we’re grateful for their proactive communication and diligent outreach.
So, what's the takeaway? How do you prevent yourself from getting caught up in a similar scam when email addresses and phone numbers are all too easy to spoof? Simply put, a great rule of thumb against any scam in which someone is pretending to be someone, or to represent an organization, is to initiate communication to that person or organization directly. Go to their actual website, find their actual email address or phone number, and reach out that way. You'll connect with the actual organization, and quickly discover if someone is out to get you.
This is not the only scam of this type and it has many variants. With a little awareness and a proactive approach, you can avoid being a scammers’ next victim. We think working on the internet is great and hope you join us here soon.
