Due Diligence for Job Seekers: Avoid scams and identity theft
Sebastiaan Stam for Unsplash

Looking for a new job can be daunting, but it's amazing what steps you can take to protect yourself during your search. You always want to make sure you're applying for jobs with legitimate companies, so it pays to do your due diligence. That's right—get into the habit of requesting a link to the job posting, and always remember to scan any files or documents before you open them!

In today's world, it pays to know how to conduct research on potential employers. We'll walk you through the process of doing due diligence when job searching, including how to request job postings upfront and using a reputation engine or antivirus software. Plus, we'll give you the scoop on conducting online research (OSINT) and why it's important.

Let's start by talking about the importance of requesting job postings up front.

Fake Job offers as scams

Have you ever been contacted out of the blue about a job that sounded too good to be true? Well, if it did, it probably was. Before you dive headfirst into a potential employment opportunity, you need to make sure it's legit and not part of a scam.

Scammers post fake job ads on job sites or send emails pretending to be from employers. They use attractive terms like "flexible hours" and "great pay" to lure in unsuspecting applicants who they then target with fake hiring schemes to obtain personal and financial information or require money to process applications or visas. These scam artists are creative; their tactics often mimic the language of legitimate employers which can make them hard to spot.

To protect yourself from these types of scams, it's important that you complete due diligence when applying for jobs online. Request a link to the job posting where the company has advertised the role and scan it through an engine such as VirusTotal before navigating to the site. Additionally, you should conduct OSINT on the company background before following up with an employer and do some research to ensure that an email address is associated with a real website domain and not just created randomly. Taking all these steps will reduce your risk of being caught in a potential job scam.
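The email-domain check described above can be scripted. This is an added example, not part of the original article: it compares the recruiter's email domain and the posting link against domains you have verified yourself. The function names, the webmail list, the 0.8 similarity threshold and the `examplecorp.com` sample data are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: short sample of free webmail providers; extend as needed.
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels of the host name.
    Limitation: wrong for suffixes like co.uk (no Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(domain: str, trusted: set[str]) -> str:
    """Compare one domain against domains the job seeker verified independently."""
    if domain in trusted:
        return "ok"
    if "xn--" in domain:            # punycode label: may render as a homoglyph
        return "punycode"
    if domain in FREE_MAIL:         # anyone can register this mailbox
        return "free-webmail"
    if any(SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in trusted):
        return "lookalike"          # e.g. one character swapped
    return "unknown"

def review_offer(email: str, posting_url: str, trusted: set[str]) -> dict:
    """Check the recruiter's address and the posting link before opening anything."""
    url = urlsplit(posting_url)
    return {
        "email": classify(registrable(email.rsplit("@", 1)[-1]), trusted),
        "link": classify(registrable(url.hostname or ""), trusted),
        "https": url.scheme == "https",
    }

# Constructed sample data; examplecorp.com stands in for the real employer.
TRUSTED = {"examplecorp.com", "linkedin.com"}
SAMPLES = [
    ("hr@careers.examplecorp.com", "https://www.linkedin.com/jobs/view/123"),
    ("recruiter@examp1ecorp.com", "https://examplecorp.com/careers"),
    ("jobs.examplecorp@gmail.com", "http://xn--exmplecorp-x7a.com/apply"),
]

if __name__ == "__main__":
    for email, link in SAMPLES:
        print(email, link, review_offer(email, link, TRUSTED))
```

Anything other than "ok" is a prompt to look closer, not proof of a scam; the link still goes through a reputation service before you open it.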

Be Wary of Unsolicited Job Offers

One of the red flags of a job scam is an unsolicited job offer. That means if you receive a job offer out of the blue—for instance, from an unknown person who messages you on LinkedIn or emails you directly—then it’s most likely too good to be true.

Be especially wary if the offer seems too good to be true, as often these types of scams are promising easy money upfront with little effort. Also be aware that recruiting firms that are legitimate generally don’t advertise jobs without explicit permission from the company hiring.

If the offer is different than what you typically come across and looks too perfect for your needs, then use your best judgment. It’s normal for a job hirer to reach out with a job opportunity, but make sure that their communication is professional and doesn’t ask for confidential information upfront. If something goes against your gut instinct or doesn't seem quite right – trust your intuition and look further into it!

Ask for the Official Job Posting Link

It's always a good idea to ask for the official job posting when a "recruiter" offers you a position. Have them email you the link (or document), and before you even click it, scan it in a reputable engine of your choice or an antivirus software. This way, you can ensure the link is secure and that no malicious payloads are attached before navigating to the site.

Doing your due diligence on the company and background is also smart. You can search their online presence—websites, social accounts—and get to know more about them. This way, if any red flags pop up, you'll be forewarned prior to taking on this position.

It's also helpful to include a link to your resume and LinkedIn profile when asking for job openings—this makes it easier for employers to vet your qualifications right away. When in doubt, consider setting up informational interviews so you can further explore job openings from credible sources only!

Check the Link and PDF in a Reputation Service First

Another important tip for job seekers is to check the link and PDF of the job posting in a reputation service before navigating to the website. If a PDF file was sent along with the job posting, this is even more important. Nowadays, bad actors can distribute malicious payloads via seemingly benign files like PDFs, which makes it essential to check the files before opening them.

Fortunately, there's a range of reputable services available that can quickly scan the file for any dangerous components:

  1. VirusTotal
  2. Google Safe Browsing
  3. urlscan
  4. Metadefender Cloud

By checking the link and files with a reputable service first, you can better protect yourself from credential harvesting and other malicious activities that can result in serious damage to your machine and data if left unchecked!

Do an Open Source Intelligence Search on the Company

Before taking a next step in the process of considering that job opportunity, it's important to do an Open Source Intelligence (OSINT) search on the company involved. OSINT is the practice of gathering information from public sources like social media networks, forums, search engines and more, and can be a major asset to any job seeker.

Of course you'll never be able to uncover everything you need to know when researching a company before accepting a job offer—but doing your due diligence via an OSINT search can help put your mind at ease with regards to making sure you are not being misled or taken advantage of by potential recruiters or malicious actors masquerading as job opportunities.

Look Into the Background of the Recruiter and Hiring Manager

Ever heard the phrase "do your due diligence"? It refers to researching something before making a decision, and it applies to job hunting, too. When a “recruiter” offers you a job, don't just take their word for it. Request the job posting and scan the link or document in a reputation engine like VirusTotal before navigating to the site, then look into the background of the recruiter and hiring manager.

You can also conduct OSINT on their company—try using Google or social media to validate the contact information they've sent you. This kind of reverse lookup isn't foolproof, but it's one way to see if they're legit and even learn more about them.

And then there's pre-hire screening for HR professionals. They use methods like background investigations and reference checks; specifically, structured systems such as a set list of questions should always be used for reference checking and employment verification. Background checks can even verify applicant information through legal records.

Basically, don't be afraid to dig deeper when it comes to potentially sketchy job offers. That doesn't mean you need to hire an investigator—just use common sense and do your research before signing on with any recruiter or new employer.

Protect Yourself From Malware in Job-Related Emails and Files

Protecting yourself from malware in job-related emails and files is easy, and it's something you should do to keep yourself safe. With just a few clicks you can make sure that your computer and data are not exposed to malicious software or links.

Advanced Security Settings

One of the best ways to protect yourself against receiving malicious emails is to use advanced security settings. These settings can help prevent anomalous attachment types in emails, which may contain viruses or other malware that could infect your computer with malicious software.

Definition of Malware

Malware is a broad term for any type of malicious software on the internet, such as viruses, spyware and other unwanted programs. A virus is a subgroup of malware that can spread from host to host, corrupting files and damaging hardware and software components on computers and networks.

Be Alert

Scammers try to trick people into clicking on links that download viruses, spyware, and other unwanted software onto their computers. When requesting job postings upfront, always navigate directly to the company’s website rather than clicking a link in an email. It’s also important to run virus scans using reputable antivirus programs before opening file attachments sent by email.

Scan links and files with VirusTotal

If you don't feel comfortable with clicking on links sent to you by a "recruiter" and downloading files, there's an easy tool you can use to make sure the links are safe: VirusTotal.

VirusTotal is a fantastic tool for scanning links and files that could potentially contain malicious payloads; it checks them against over 70 antivirus scanners and URL/domain blocklisting services. Plus, you can submit any files or URLs for scanning with VirusTotal—all without having to register an account or input any credentials. And if you're using an Android phone, VirusTotal Mobile will let you check the applications installed on your phone for security threats, too.

In short, if you're ever asked to click on a link sent by a "recruiter", or download a file they've sent, make sure to run it through VirusTotal first. That way, you know it's safe—and can rest easy knowing that your security is kept intact.

You don't need to provide your real address

You don't need to provide your real address when you're applying for a job. You may be asked for your address to verify your identity or your location, but that doesn't mean you have to put in your actual home address.

Instead, you can provide a street address for the primary work location of the job. This helps Indeed match the job with job seekers who may be looking for a job near that area.

Not only does this protect your privacy, it also makes sure that the potential employer knows the right geographic location for where they want their hired employees to work from.

By providing a street address rather than a home address, you can protect yourself from unnecessary data collection and make sure that you are only giving out information necessary to apply for the position.

Your data can be used for impersonation

When you receive a job offer from someone claiming to be a recruiter, it's important to remember that the data you provide could be used for impersonation. Impersonation is a type of cybercrime in which criminals try to acquire information from innocent people with the intent of using their personal data to take over their accounts or commit fraud.

These kinds of attacks are often targeted at employees who have access to sensitive data or can initiate wire transfers, and impersonation attacks are a type of phishing tactic used to try and exploit those weaknesses in an organization's security system. As such, it's important for job seekers to always request links and job postings up front when presented with an employment opportunity.

Getting into the habit of scanning any links or documents in an online reputation engine before opening them can protect you from credential harvesting or having malicious payloads placed onto your computer via seemingly benign PDF files. Additionally, taking time to conduct OSINT—open source intelligence gathering—on any companies that reach out can help ensure that their intentions are honest and above board.

By following these simple due diligence mechanisms, you can avoid falling prey to impersonation attempts and other malicious cyber tactics.

Get a burner phone for your job search

If you're job searching, you should also think about getting a burner phone. A burner phone is a super cheap prepaid mobile phone that allows you to make and receive calls and texts. They're a great way to protect your personal information when you're searching for jobs.

Plus, there are even some companies that offer work-at-home customer service jobs that require use of a burner phone! So if you want to make sure your personal information is secure while job hunting, getting a burner phone can be an easy way to do it.

You don't have to go out and buy an expensive new phone either—just look for ones online or check your local electronics store or grocery store for cheap phones that have prepaid plans.

Phone numbers can be sold to scammers

Believe it or not, one of the stealth tactics scammers and fraudsters use to target unsuspecting job seekers is through phone numbers. Telemarketers can purchase phone numbers from third party data providers, and data brokers can scour the internet for publicly available information that they sell to scammers. Additionally, scammers have figured out how to falsify or “spoof” caller ID information with local phone numbers in order to appear trusted and reliable.

So before you answer the call from a “recruiter” who is offering you a job opportunity, take a few moments for due diligence to protect yourself from credential harvesting, suspicious websites, and/or malicious payloads being placed onto your machine via that seemingly benign PDF file. By taking the steps outlined above—requesting a link to the job posting where the client has the role displayed, scanning it in a reputation engine of your choice or AV before navigating to said site—you can save yourself time and energy by ensuring it is safe to continue with your job application.

Some recruiting companies might not be protecting your data properly

No matter who you are speaking to, it's important to ensure the company you intend on working with is compliant with GDPR. After all, information is power, and those companies that are not compliant with GDPR might be taking liberties with your data.

GDPR requires recruiters to constantly seek your permission before processing and sharing your data. If the company you're dealing with does not focus on candidate consent and lawful processing under GDPR when communicating with you, they may be doing things that put you—and your personal information—at risk.

It's important to remember that a recruiter's obligation is not only to protect your privacy but also to seek explicit consent from candidates before processing and sharing their data. In other words, if a "recruiter" offers you a position, always request a link to the job posting where the client has the role displayed. From there, scan the link (or document) in a reputation engine of your choice or AV (Anti-Virus) before navigating to said site. This is one of many simple due diligence mechanisms that will help protect you from credential harvesting and/or potential malicious payloads placed onto your machine via seemingly benign PDF files or other forms of content.

Job scammers and identity theft

The last thing you want to do is fall victim to identity theft or a scammer posing as a recruiter. When someone offers you a job, make sure you take steps to protect yourself.

Request the Job Posting

When a suspected "recruiter" offers you a job, always ask for the link where the client has the actual role publicly posted. This is an important step for several reasons. First, it helps ensure that the role is real and that the person making you an offer isn't a scammer. Second, it gives you more information about the job itself so that you can make an informed decision about whether or not it's right for you.

Scan Everything

Once requested, scan any files or links they give you using a reputation engine of your choice before navigating to said site (if applicable). This helps to ensure that if any malicious payloads or other malicious code are present in the link or document, they won't be able to infect your machine.

Conduct OSINT

On top of scanning all attachments and links for potential malicious content, make sure to conduct some background checks on both the company and individual who reached out offering you employment. You can do this easily via online search engines and background check websites like CheckPeople or TruthFinder. Taking these few extra steps will help protect your personal information from being stolen by scammers and identity thieves.


When job seeking it's important to take extra steps to ensure that the job is legitimate. Requesting the job posting is key, and scanning any documents you receive with a reputation engine to make sure there are no malicious payloads is a must. Furthermore, performing some open source intelligence on the company is a good way to double check before you provide any personal information. By taking these extra steps, you can protect yourself from potential harm and help ensure that you make the best decision for your career.
