The so-called Great Resignation is still underway as employees are leaving their jobs in hopes of finding a better one. That might mean less stress, fewer hours, more pay or a chance to pursue their passion. Regardless, the grass isn’t always greener and a new risk for job seekers has surfaced.

In Las Vegas last week, the Black Hat conference celebrated 25 years of events, an annual gathering of the country’s top security researchers. Among the presenters were cybersecurity experts from PwC who warned that nation-state hackers are using attacks aimed at job seekers. According to Sveva Vittoria Scenarelli, principal cyber threat intelligence analyst at PwC, and Allison Wikoff, PwC’s director of global threat intelligence, malicious groups from Iran and North Korea are using email, social media and messaging apps to lure in current employees at high-profile companies.

The scam involves malicious links that describe lucrative opportunities for remote workers. Click on the links and the job seekers are taken to fake websites that secretly install malware on their computers. Whether their end game is stealing money or identities, their scams have been dangerous and effective.

While many websites are look-alikes for well-known companies, the PwC speakers also noted that one criminal group was using fake companies as bait. These websites use sophisticated AI-generated profiles to represent employees, including recruiters and trainers who respond to would-be candidates.

These days, it’s tough to distinguish a real person’s message from one that’s generated through an AI program. Many legitimate companies are adopting AI software for their customer service activities with great success, and companies like Zendesk are already looking at expanding into AI-powered sales and internal employee communications for their customers. It’s no surprise that hackers are using similar technologies in their scams.

Job seekers may be particularly vulnerable to falling for an opportunity that sounds almost too good to be true, particularly if they’ve been on the hunt for some time. The combination of hope and desperation makes for an attractive target. But how can you avoid falling prey to these types of scams?

The steps are really no different than those used for other types of scams. The most important thing to remember is that if it sounds too good to be true, it’s probably a scam. Curb your enthusiasm and take the following actions.

PwC presenters said the most common tactic is to send file attachments and malicious links to their targets via email or messages. Never open file attachments from a sender you do not know and use extra caution when receiving an attachment from someone you do know. Emails are easy to spoof, so it’s better to reach out to the known sender to verify that the attachment came from them before you click to download.

Similarly, you’ll want to check any links you see in a job-related email and on job search websites. Hover over the link to make sure it is the exact web address used by a particular company. If you’re not sure, visit the company’s website via another tab by searching for that company name. These scammers often use a slight variation of a company’s URL to lead you to a malicious website.

You may also receive job queries as a text message on your phone, on WhatsApp, Facebook, Twitter or any other app that has a messaging feature. Again, if you do not know the sender, do not respond, especially if the profile seems suspicious.

If you’re a LinkedIn user, use extra caution when you receive messages from recruiters. Before responding, take a hard look at the sender’s profile and associated company’s profile, along with the job description. If you detect unusual wording, spelling errors and grammar errors, that’s a sign it may not be from a legitimate source.

Review the recruiter’s job history. If past positions don’t line up with the current one in Human Resources, that may indicate a fake profile. If you receive a message from a recruiter, note the chat style. If it’s extremely casual, perhaps with a simple “hey” you can be fairly certain it’s not from a Fortune 500 firm. If the message includes a short time to respond, it’s likely to be a scam. HR personnel and recruiters don’t pressure prospects to respond or click a link within minutes.

Great job offers rarely come out of the blue. Finding a new position that fits your qualifications is hard work — work that involves networking with friends and colleagues, pursuing their leads and submitting your resume to companies that have a matching opening.

Leslie Meredith has been writing about technology for more than a decade. As a mom of four, value, usefulness, and online safety take priority. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter