Recruiters and job candidates need to be vigilant of emerging cybercrime trend

Policing and cyber experts at the NEBRC (North East Business Resilience Centre) are urging businesses and job hunters to remain alert, due to an emerging cyber threat targeting the job market. Expert Martin Wilson explains how to spot scams and avoid falling victim.

Businesses, HR pros, recruiters and job hunters  are being urged to remain alert, due to an emerging cyber threat targeting the job market. Cybercriminals often prey on vulnerable groups of people and this latest tactic does just that, targeting those searching for paid work with employment scams.

The trend sees cybercriminals impersonating organisations by sending fraudulent WhatsApp messages to unsuspecting job candidates. The messages encourage job hunters to unknowingly respond to, click links, download software or share personal information via the app.

Whilst this also happens over email, WhatsApp is increasingly being used in business settings and fraudulent messages are often more difficult to spot via the app. It may be that criminals prefer WhatsApp due to its global popularity and mobile accessibility. Messages are delivered instantly and read quickly, ideal for exploiting time-sensitive situations. WhatsApp’s informal feel can lower suspicion, and users are often likely to trust messages from known contacts or businesses more readily than emails.

What does an attack look like in reality?

An anonymous victim whose marketing agency recently suffered such a cyber attack has shared their story. The business owner comments,

“Earlier in the year, we were alerted to unusual activity relating to our business by a job applicant. Fraudsters had messaged several digital freelancers with a link to a fake job portal, asking them to pay a deposit to secure work with the agency and share financial information. Applicants were told they would be refunded, alongside an additional payment once the work was complete. However, this was a clever plot to steal personal and financial information and no such jobs existed.

“The criminals targeted freelancers across Europe, and after clicking the links and sharing payment details, the applicants eventually sought out and emailed the correct agency contact details, asking where their payments were.

“Upon receiving these emails, we knew something was very wrong and that we’d been impersonated in a sophisticated cyber-attack. A huge challenge then became finding all those who had fallen victim. We didn’t know who was affected unless they reached out to us directly. Luckily we had an action plan and process in place for any cyber breaches, thanks to our local business resilience center, the NEBRC, and so had support to help navigate the attack.

“I’d strongly recommend getting the message out as soon as you have an understanding about what is happening. We created social media posts, blogs and relevant email comms which highlighted the events which were taking place. This not only meant those who were vulnerable became educated but it seemed to stop things happening.  The blog post on our website about “how to spot if it’s really us” and the various channels we communicate on, was an important part of the process.”

Guidance for candidates: Whatsapp employment scams

Top signs of recruitment scams that could leave you at risk1.

  1. Poorly written job adverts.

  2. Suspicious contact information.

  3. Unrealistic salary.

  4. Being asked for money.

  5. A job offer without an interview.

  6. Illegitimate companies or email addresses.

  7. Non-UK web domains.

  8. Unsolicited contact from an unknown number

If you’ve fallen victim…2

  1. Once you suspect a scam, stop all communication but make note of their details.

  2. Do not give any money or further details to the scammers.

  3. Report the scam to Action Fraud. In the UK, you can report employment or recruitment fraud to Action Fraud on their website, or at 0300 123 2040. Alternatively, you can seek advice from the Serious Fraud Office.

  4. Warn ActionFraud of where the recruitment scam can be found.

Martin Wilson, Detective Inspector and Head of Student Services at NEBRC said, “Responsibility doesn’t just lie with the candidate, businesses have obligations, they should put recruitment processes in place which recognise this risk . A written process should exist, which is regularly reviewed and should include a section on any risks to the organisation’s stakeholders and a section in any client contracts. Failing to plan and respond to a threat quickly and appropriately can cause additional losses and depending on what has happened, the reputational losses may even have the biggest impact.”

Martin’s guidance for recruiters and businesses: how to prevent and protect against fraudulent Whatsapp employment scams

  1. Verification Processes: Implement robust verification processes for all job applications and communications. Verify identities through multiple channels before sharing sensitive information.

  2. Official Channels: Use official company channels (such as verified email addresses or company websites) for initial contact and information sharing rather than relying solely on messaging apps like WhatsApp.

  3. Educate Employees: Train employees and recruiters to recognise common scam tactics, such as requests for personal information, upfront payment requests, or unusual job offers.

  4. Clear Communication: Clearly communicate to job applicants about the company’s recruitment process, including which channels will be used for communication and what information will be requested.

  5. Privacy Settings: Encourage the use of privacy settings within WhatsApp to control who can see profile information and contact details.

  6. Report and Block: Promptly report suspicious activity to WhatsApp and block suspicious contacts or numbers.

  7. Public Awareness: Raise awareness among the public about the potential for WhatsApp scams and advise job seekers to verify the legitimacy of job offers through official channels.

  8. Legal Disclaimers: Include disclaimers in job postings and communications, stating that the company does not request sensitive personal information or payments through messaging apps like WhatsApp.

*Alert provided by NEBRC (North East Business Resilience Centre)

    Read more

    Latest News

    Read More

    Why are so many organisation forcing employees back into the office full time?

    13 December 2024

    Newsletter

    Receive the latest HR news and strategic content

    Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

    Latest HR Jobs

    We seek a HR Director who will sit on the main Board of one of our longest standing clients and report to the CEO. Manage

    They are now seeking a forward-thinking HR Director to support with their continued success. Reporting directly into the CEO, the HR Director will provide strategically

    This HR Director level role serves as the lead HR Business Partner for our global Go To Market (GTM) function and partners with the COO

    Reporting to the European VP HR, the appointee will have previous experience of working within a “matrix structure” and be accountable for the setting, implementation

    Read the latest digital issue of theHRDIRECTOR for FREE

    Read the latest digital issue of theHRDIRECTOR for FREE