Recruiter Scams Impersonate Brands, Extort Job Candidates

This blog on recruiter scams is pulled from the white paper: Social Engineering on Social Media: The Top Fraudulent Account & Impersonator Tactics. Get your free copy.

As social media threats continue to evolve and mature, impersonator accounts and recruiter scams are on the rise across Twitter, Google+, and LinkedIn. On Twitter and Google+, they impersonate the company’s recruiter by using the company logo and provide a method to contact them about a job via email. The account looks legitimate, but the profile image containing the company logo may be a cropped version of the official logo. Additionally, the contact email is typically not a company email but rather a free email server such as gmail, yahoo, or hotmail. Many times they will use the company name somewhere in the email address to make it more convincing (Figure 1).

Figure 1a - Twitter fake recruiter scams using name, logo, and fake email address, Figure 1b - The same fake recruiter scams on Google+

This technique is common to LinkedIn as well (Figure 2). Identifying these threats can be difficult at times because the attacker may use a homoglyph or slight misspelling of the official company name. Additionally, image matching can be difficult because attackers often use a cropped or flipped version of the official logo. This is where advanced image recognition improves detection accuracy.

Fraudulent accounts request credit card information to pay for the job placement services as a method for phishing financial information. This tactic is so common that many organizations have dedicated a webpage to warn applicants of scammers impersonating the company’s recruiters (Figure 3).

These fake impersonators and scams present a reputational risk to the organization. To mitigate these risks, ZeroFox recommends the following for organizations:

• Add a subsection to the job posting website warning job seekers of impersonators and recruiter scams, specifically ones that request an application fee or refer the applicant to apply through a provided free email account.
• Track registration of hybrid and homoglyph domain names using the company name or brand in the domain name.
• Monitor for so-called “official” recruiter accounts on social media impersonating the company’s name, brand, and logos.

There are plenty of legitimate job placement individuals and agencies on LinkedIn, but using the aforementioned guidelines offered above, organizations and job seekers can be better equipped to identify the recruiter scams & impersonators amongst the crowd.