SCAMMERS: TARGETING UNEMPLOYED

In a recent communication, I identified a potential scammer but honestly, it was difficult to distinguish reality from Fraud.

Here is what I discovered... Reddit had several posts where individuals were scammed by individuals claiming to be human resource managers and hiring managers.

Some of the posts were titled “Beware of Thermo Fisher Scientific Job Scams!” and "Job Offer from Thermo Fischer - Too Good to be True?" Others say, "my Cash is gone" and similar over and over!

So as a job seeker, it can be scary, often throughout the hiring process it is fairly easy to get scammed, but how far will they go?... And what is Thermo Fischer doing about it?

Today's technology makes writing articles simple, and building job offer templates has become easier and easier for hackers. Using a GPT or even Microsoft Bing you can ask a GPT to create or find an offer letter for you and google a company image. Before you know it, you now have a professional-looking offer letter. SCARRY, RIGHT? But before I unveil how it's done, let's talk about how they are getting in touch with you...

1. First off, let me begin by explaining... User accounts can be created on any major platform including ones used by legitimate recruiters and business owners. If a recruiter does not have an image on their profile it's a red flag. But, even then generating one using a tool like DALL-E AI only takes minutes to generate 4 or more realistic images. I look for a missing image, before accepting any connection requests via Linkedin. I then examine two key pieces of information, how many connections do they have and when did they join Linkedin? After Accepting they've made contact with you and begin scamming... Often this begins by identifying individuals open to work.... For clarification purposes, we will call this the direct contact method
2. Are Job postings safe? No, they can still be manipulated by using a credit card from someone previously scammed, or by an individual who received a free job posting via a trial. How does this work? By submitting a resume a scammer now has additional information they can capture from you such as your home address, phone number, and email address. "Now they even know where you live..." plus, when they reach out via Linkedin they can leverage the job application, saying I've reached out to discuss the XYZ role you applied for or send an email/text... "Now they seem 100% legit making it difficult to detect." To keep things aligned we will call this the "Indirect contact method."
3. The Interview Phase? Are you safe here, NO! Not only are they trying to scam you, they are wasting your valuable time. A sophisticated scammer could easily pop on a video using "Skype, Teams, Google, or Zoom". So how can you avoid the scammer? First off, assume if they are not on video or showing their face it's possibly "A red flag". Be careful about what you verbally share, and if NFTs come up as a form of payment that also can be a red flag. We will refer to this as the "Live contact method"
4. "The offer letter", Don't be fooled, you aren't safe yet! The next phase of the scam is still pending. In most offer letters, it asks for proof of ID typically without an I-9. "This is a potential red flag" if you know your forms. Remember a scammer could even fill in the standardized form with the company information, so even with the form you may not be safe. If the interview does not say to have the form certified by a witness you may have found the "final red flag". If completed, the I-9 form will ask for your driver's license, social security number, and more. At this point, your identity is 100% compromised. For clarity's sake, we will call this the "Compromised Method." To avoid being compromised you can validate if the email address is directly from the company's portal. If not you have another red flag.
5. Final Review, it's possible you may have questions about the forms and may ask for a quick call to review or negotiate the pay. You often think this may be where the scammer vanishes, but what others and myself have recently, is that follow-up may be expected. They are ready for a quick call or text. In my example, it indicated a $5,000 check would be sent to pay for equipment. This was a red flag. 10-15 years ago this would be the norm but in today's world choosing your PC is extremely rare as it will need access to VPN, and security software to access company information. This is a red flag. Do not be surprised if a direct deposit form is requested. We will call this stage the "Final Review Methodology." After this phase, you are in the end-game for the scammer.
6. "End-Game", Assuming somehow the scammer was able to convince someone to continue the process there are a couple of ways you could be scammed. The check will likely come with some sort of website where you can select which items you wish to buy, and they may require it to be purchased from that specific site. In this scenario, the website is often controlled by the scammer. They will push you to buy something before the check clearing at your bank which could take up to 10 business days (2 weeks). Now you are spending money you don't have. You likely won't receive a product from the website, have used/shared a credit card to order (now shared with a scammer), and have shared your banking information. Recapping what just happened, you have shared the following information

• your name
• your address
• your email
• your phone number
• your bank account
• your credit card
• Plus any information shared verbally on the calls.

Not only are these people being targeted who are out of work... THEY ARE WITHOUT INCOME TO SUPPORT THEMSELVES.

Money stolen from the bank could take weeks to recover leaving the unemployed jobless and without income! Imagine all of this happening on top of not continuing to interview. This could even lead to people being homeless.

In the example pursued by a scammer pretending to be Thermal Fischer, I found a lot of issues from recruiters not following guidelines. Companies such as Thermal Fischer appear to offer a place to submit a Fraud report; but block key information being shared such as the scammer's email or links.

A "Fraud Report" requires certain information to be shared with local authorities, and by blocking some of those pieces of information the incident may not be reported due to grey areas in the legal process.

Due to not allowing URLs or domains to be shared within the report, it highly reduced investigators' capability of pursuing spammers. In the scenario, I shared there is a registered domain name similar to the company's URL.

For my Human Resource Experts, I have a few questions...

• What can we do as an individual?
• What can we do as a business? How do we protect our Image?
• Where can we report the issue? What do we look for?
• I'm already exposed, now what do I do?
• At any point, does your local state and federal department offer services to assist with reporting and investigating? Are you able to assist?

• A file attachment from a scammer asking for references or even the offer letter could be dangerous It doesn't take a lot to embed a virus in a file, opening up your PC's data to a potential scammer. It's here they could access additional passwords, and information without you knowing.
• Please share your thoughts and opinions, and consider new AI capabilities. How should we navigate complex and super-powered scammers in today's modern world?

#PersonalSecurity #ScammerALERT #Failure #AIscammers #AIburn #legalrisk #humanresource #helpme #scammer #hiringrisk #HRrisks #recruiters #jobopening #applyhere #jobs #alerts #Linkedinjob #ThermalFischer Thermal Control Business Update @ThermalFischerScientic #Fisher #failure #unemployed #jobless #homeless