Right now, thousands of people are looking for a new job online. Some of them just want a change, but others are looking for a stable income to support themselves and their families. Scammers are targeting job seekers with precision, often making contact instantly after the victim submits an application or receives a notification from a prospective employer.
A reader of Salted Hash recently made contact about a situation their family member was dealing with.
The relative was hunting for a new job on ZipRecruiter, a Santa Monica, California-based Human Resources tool that allows employers to post positions to more than 50 platforms in a single push. For those looking for employment, their resume data is shared with employers who have access to the resume database.
After applying for a job with Sherwin-Williams Company through ZipRecruiter, the reader's relative – we'll call her Jane – was contacted a short time later by someone pretending to be the company's CEO, John Morikis.
The scammer told Jane her previous application for Administrative Assistant was received, but "unfortunately that position has been taken…"
The email goes on to tell Jane about a Personal Assistant position with the alleged CEO himself. The offer is for $500 per week, including gas and other expenses. All Jane has to do is run errands, essentially collecting packages and shipping them off to another address.
In part, the email sent to Jane states (republished unedited):
"If you accept my offer, I will need you to take charge of my mails pick up and drop off as well as errand running during your spare time outside of work. The job is flexible so you can do it wherever you are as long as there is a post office in the area. I will pay for the first week in advance to run errands, and will also have my mails/packages forwarded to a nearby post office where you can pick them from at your convenience."
It's called re-shipping. In a scam like this, the "personal assistant" will collect packages and forward them to another address. Sometimes the package is forwarded to a P.O. Box somewhere in the U.S. Other times, the victim is asked to ship the package overseas. The U.S. Postal Inspection Service has issued several warnings to consumers about these scams, as the packages being shipped often contain merchandise purchased with stolen credit cards.
Jane knew the offer was fake from the start. The email requested Jane's personal information, including full name, address, city/state/zip, gender, age, phone number, email, and bank name. The email itself raised red flags with Jane, but the request for personal information is what confirmed the offer as fake – as no legitimate company would request such information before hiring a person, or solicit it via email.
The problem was the timing. The scam email arrived soon after she applied for a legitimate offer on ZipRecruiter from the Sherwin-Williams Company. Someone was paying attention, and falsely used the Sherwin-Williams brand and their CEO's name in order to give the scam some credibility.
During the weeks that followed, Jane received more than 20 different scam offers, including some that were sent via text message. Most of the scams offered to arrange interviews via Google Hangouts. Many job hunting websites (including ZipRecruiter) say such offers should be treated as suspicious.
When the first few scams were reported, ZipRecruiter took action and offered some advice, which included having Jane limit her resume visibility by removing it from the resume database that employers can access. Other advice included removing her address and phone number from her resume.
One of the scam emails received by Jane included other targets in the message's CC field, and when a warning was sent to everyone, the scammers reacted with threats. Soon after, she closed her account with ZipRecruiter and walked away from the website.
Salted Hash reached out to ZipRecruiter, and asked about internal controls for dealing with scammers, as well as what users can do when confronted with scams similar to those seen by Jane.
The company said they take great pride in the service they provide, but they are "acutely aware" of bad actors who try to take advantage of others. As such, they've continued to refine and improve their systems to address the issue.
"On the front end, we use proprietary detection software and have stringent client on-boarding processes to vet potential posters and deny access for those who fail to pass our screens. On the back end, we re-run our detection software on job listings as they're posted and have customer service representatives available seven days a week to investigate and weed out suspicious posts."
Still, the company added, "no system is perfect, no matter how sophisticated or well intentioned."
The statement goes on to highlight the education and awareness offered to job seekers on how to spot suspicious activity and provide an email address where scams can be reported:
Salted Hash has covered work-from-home scams in the past, such as the case of a woman in Houston, Texas who lost $1,825 due to a mystery shopper scam.
The Identity Theft Resource Center has tips for job seekers who might want to avoid re-shipping scams, or other work-from-home schemes. The key, though, is to remember the old saying: If the offer sounds too good to be true, it is.
Other red flags to watch out for include paying to get the offered job; a request for sensitive information, such as Social Security Number and banking information via email or online chat; and ambiguous or confusing job descriptions.
The best bet though, if the offer raises even a single red flag, is to ignore it, report the sender to the job board, and delete the message.