Blog
Preventing and Combating Online Recruitment Fraud
Last week, I was asked again about an online recruitment fraud scheme. Threat actors are reaching out to job candidates on major recruiting sites, offering them interviews and even sometimes job offers “signed” with the name of actual employees at the organization. The fraudsters appear to be monetizing this scheme either by asking candidates for money to process their application paperwork, for bank account information for direct deposit or actually sending the candidate a check like the classic “overpayment scheme.”
By Anna Fridley
Last week, I was asked again about an online recruitment fraud scheme. Threat actors are reaching out to job candidates on major recruiting sites, offering them interviews and even sometimes job offers “signed” with the name of actual employees at the organization. The fraudsters appear to be monetizing this scheme either by asking candidates for money to process their application paperwork, for bank account information for direct deposit or actually sending the candidate a check like the classic “overpayment scheme.”
So what can a victim or an organization do if they’ve figured out that they or their corporate name has been dragged into this sort of scheme? Report, report, REPORT!
- Report your experience to the FBI’s IC3 website ic3.gov by filling out their reporting form.
- Report it to the recruiting website itself.
- For victims, report the scheme to the corporation whose name has been used in your case.
Where are threat actors getting their access to recruting information? Flashpoint customers can search within the platform and in Flashpoint Compromised Credentials Monitoring for Customer (CCM-C) products to shed some light on this question.
- Flashpoint’s access to Account Shops shows listings for credentials to recruiting sites for sale from a variety of sources for a range of price points. Compromised accounts verified to be accessing the job posting side can be priced as high as $50 whereas accounts in bulk logs from keyloggers or browser dumps are less expensive, US$1-10.
- There is also at least one thread on a top-tier Russian language forum (started in January and active until last week) looking to purchase “job posting” accounts on a specific recruiting site.
- Flashpoint Compromised Credentials Monitoring for Customer (CCM-C) data shows dozens of compromised logins for the recruiting sites I spot-checked.
Flashpoint subscribers to the Compromised Credentials Monitoring for Customers (CCM-C) product can check the credentials that their teams use on recruiting sites to see if they are exposed, and can search the platform for mentions of your corporate name in conjunction with the recruiting sites your HR department uses to see if there are compromised endpoints whose browser profiles are for sale.
Learn more about Flashpoint Compromised Credentials Monitoring by requesting a 30 day trial here and enable your teams to take a proactive approach of protecting client accounts against fraud.