Online scams are everywhere–and the job-search world is not exempt.
A consumer bulletin put out earlier this month by the Pennsylvania Attorney General’s Office alerts the public to rising trends in scammers targeting job applicants, a concern that should also be on the radar of employers, experts say.
In Pennsylvania, the Bureau of Consumer Protection fielded 22 employment-scam complaints in 2017–18 such claims have already been made this year. Though tactics vary, scammers have hit popular job sites like Monster.com and Indeed.com, posting fake job openings that solicit applicants’ personal, potentially sensitive, information or even outright ask for a fee to complete the “application.”
Some scammers use phishing techniques, such as posing as a legitimate, known employer, using the company’s name and logo, to steal their information.
“It can be difficult to tell the difference between an online job scam and a legitimate employment opportunity,” Pennsylvania AG Josh Shapiro said in the statement.
Shapiro’s office put out a list of precautions applicants should take to protect themselves from being victimized, including ensure websites and email addresses included in the job post are legitimate; cross-check that a job is also posted on the company’s website; and request a face-to-face interview. Employers can also be doing their own due diligence, says Joe Lazzarotti, a principal with Jackson Lewis, P.C., who also founded the firm’s Privacy, e-Communication and Data Security Practice.
Lazzarotti says it’s doubtful that a company could be held liable if a scammer uses its name as part of a false advertisement–as long as the company wasn’t aware of the scam–but association with a scam could run the risk of affecting recruitment, retention and branding.
“If the company doesn’t know anything, it’s hard to say that it’s liable,” he says. “But I recommend that companies be more aware.”
HR and recruiting professionals, he says, should make policing job sites for potential scams involving the company part of their standard practices, just as the same individuals may monitor job sites for employee and applicant feedback.
“I think people need to be as proactive as they can be so they can be prepared to react if they become aware of any information [involving scams],” he says.
The application process isn’t the only hiring aspect that could fall prey to scam artists.
Lazzarotti says scammers have also been known to “socially engineer” scams. For instance, they may track job postings and utilize social media to figure out who ends up filling that position. Then they’ll target that new hire’s work email with what is known as a “spear-phishing” scam, which is zeroed in on one person or organization.
“A new hire may get an email from one of these ‘bad guys’ asking for all of the W2s from the company’s employees the prior year and they may send them,” he says.
On top of the immediate ramifications, such an incident would also require the employer to notify all employees and to answer questions about the protocols it has–or does not have–in place to prevent such occurrences. As phishing attacks become more sophisticated, Lazzarotti says, employers are implementing policies and procedures to combat malicious attacks using employees, and also training workers on how to spot scams.
“If the company doesn’t respond quickly or if there’s a question about how reasonable the safeguards are to protect employees’ information, that’s one area of liability for employers that could arise out of these kinds of attacks that come from job searches,” Lazzarotti says.