Have you heard of the term “recruitment fraud”?
Recruitment fraud is a growing trend where someone creates a fake job listing in the hopes of garnering either money or personal data from applicants. For example, they might create a listing that appears to be from a well-known organization in the hopes of getting would-be applicants to divulge personal information. This could involve fake recruitment e-mails, fake websites, or fake job posts (or all of the above).
Examples of Recruitment Fraud
Typically, the goal of the fraudster is to get either personal information or money. They do this by several means:
- Getting applicants to divulge personal details in a fake application, including identification details like passport numbers or social security numbers.
- Asking for bank information for any reason, such as:
- To pay for training materials;
- To set up a company account or for direct deposits;
- To pay for travel to an interview or job location; or
- To pay for visa-processing fees for foreign relocations.
- Directly asking for money for any reason (the reasons may be similar to the reasons they ask for banking information).
- Getting viruses or malware onto applicant’s computers and/or mobile devices through attachments or links in the job posting or other communications.
- Prompting users to try to log into accounts that are actually fake. This mirrors a typical phishing scheme in which the scammer then records the information entered on the fake site and uses it to log into the real account.
How Can You Protect Yourself From Being Used by Fraudsters?
You might be thinking, “My company only posts legitimate jobs—why should this concern me?”
The answer is that scammers can use your company or its branding in their scheme, which would damage your reputation and could even mean you lose potential employees who were scammed … and who now associate your organization with fraud even though you’re innocent.
Naturally, larger, well-known, global organizations have the highest risk here, but any company could be at risk. All the scammer needs is a legitimate business to mimic so that the would-be applicants think they’re working with a real company.
So, how can a company protect itself from being used fictitiously? It’s quite difficult to completely thwart scammers all the time, but there are preventive actions you can take.
- Have a section of your web page dedicated to warning potential applicants about recruitment fraud and explaining that you will never ask for banking information, money, or other similar items up front.
- Outline your exact application process, including the websites used, so that applicants can verify they’re using your own site and not one set up to mimic it. Tell them the exact URL they should look for and the suffix of your official corporate e-mail.
- Tell applicants what to look out for and what steps you will follow in the application process. Explain that they should be wary if these steps are not followed.
- Only use official corporate e-mail addresses to communicate with prospective applicants. Communicating with them through personal e-mails via Gmail or Yahoo is a red flag for applicants.
- Have a means for applicants to alert you to possible recruitment fraud occurring in your company name. This might be an e-mail address that is monitored for this purpose. Check on any tips that come in.
- Set up a Google alert with your company’s name and words typically used in a job description. Have someone monitor the results to ensure that only legitimate results show up.
Has your organization been used as part of a recruitment scam? How did you find out about it?