Job Scams

Job seekers should look out for:

• Unsolicited job offers without interviews or applications. Legitimate employers typically follow a standard recruitment process.
• Early requests for personal data (e.g., Social Security number, banking information). See  Identity Theft for details on how scammers can exploit your personally identifiable information (PII).
• Recruiters using free email accounts like Gmail, Outlook, or Yahoo.
• Requests for upfront payments for training, equipment, or background checks.
• Attachments (e.g., coding challenges) that contain malware.
• The interviewer's video is off, malformed, or has odd visual or audio artifacts.
• Vague job descriptions or unusually high pay offers.
• Fake checks followed by refund requests.
• Pressure to buy tools from scam-controlled websites. Sometimes, scammers may ask you to order supplies or equipment through a site they control, charging your credit card and delivering inferior or no goods at all.  See the  Advanced Fee Fraud for more on how this scam works. 

Employers should look out for:

• Candidate's video is off, malformed, or has AI artifacts.
• Candidate qualifications and salary expectations are too good to be true.  
• Resumes containing malicious attachments.
• Applicants using false or stolen credentials.
• Requests to update payroll or banking information.
• Fake staffing firms submitting bogus invoices.
• Inconsistencies in work history, such as gaps, overlapping roles, or unverifiable companies, may indicate a fraudulent application.
• Advanced certifications, elite university degrees, or prestigious positions that seem inconsistent with the applicant's age or experience should be verified independently.
• Resumes sent in unusual formats (e.g.,  .exe,  .scr,  .js) or password-protected files may conceal malware.
• Unnatural phrasing or keyword stuffing without meaningful context can indicate the use of generative tools or template manipulation.
• The file properties may contain suspicious author names, software used, or unusual timestamps.
• A person claiming to represent a staffing agency or hiring company should be verifiable through corporate directories or LinkedIn.
• Fraudulent recruiters often pressure HR staff to make quick decisions, bypass vetting, or approve payments.
• Official recruiters rarely use Gmail, Yahoo, ProtonMail, or other personal email services.
• Any recruiter or hiring manager unwilling to follow your established HR policies or documentation practices may be suspect.
• Watch for attempts to redirect background checks, salary negotiation, or equipment purchases to unfamiliar third parties.

For job seekers:

• Contact the employer through official company email addresses, websites, or phone numbers. Avoid communicating with "recruiters" who use personal email accounts or messaging services. 
• Research companies on LinkedIn, Glassdoor, etc.
• Demand video interviews with cameras on.
• Never send money or sensitive info without validating the requester.
• Verify recruiters via official company websites, not provided links.
• Verify the company's legitimacy through online reviews and reputable sources. For example, find the company on Glassdoor or other sites to verify its authenticity and obtain the contact information for its human resources department. Then, visit the company’s website and locate the phone number of their HR or Security Office. They should match.   
• Next, explain that you're a candidate for a position with the company, verify that the recruiter you have been talking to is truly a recruiter for that organization, and verify that the person is actually handling your specific recruitment action (vs. an imposter posing as that recruiter).
• If you cannot confirm the validity of the recruiter and recruitment action, you will need to continue with steps to protect your identity and finances.  
• If the recruiter works for an independent recruiting firm, contact the recruiter's company to verify their employment and that they are handling your specific recruitment.

For Employers:

• Use secure platforms to collect resumes.
• Verify applicant identities and perform background checks. 
• Contact the applicant via out-of-band communications (e.g., social media) to confirm their identity. 
• Scan attachments for malware.
• Train HR professionals to recognize the subtle signs of fraud and malicious behavior during hiring interactions.
• Conduct monthly security awareness briefings with real-world examples of resume and recruiter scams.
• Use phishing simulations that include fake job applications to test internal vigilance.
• Maintain an up-to-date HR fraud response checklist for staff to reference during suspicious interactions.
• Encourage staff to verify independently and escalate unusual behavior to your IT or cybersecurity team.

• Please report scams to the MCPD’s non-emergency number at 301-279-8000.
• Review  Fraud Reporting for other reporting options.
• You may file a complaint with the Montgomery County Office of Consumer Protection (OCP).  Please review OCP’s Frequently Asked Questions before filing.
• Share your experience with family and friends, as well as on social media platforms, to alert others about the scam and prevent them from falling victim.  However, be aware that scammers monitor social media to offer  recovery scams, claiming to recover your losses for a fee. 
• If you have disclosed personally identifiable information during a fake job interview process, review related bank statements, credit reports, and other financial accounts for unauthorized activity.
• Report any suspicious charges or accounts to the respective institutions.  See Identity Theft for additional ways to protect your finances. 

References:

• Antoniuk, D. (2025 June 11). FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters. The Record. Retrieved from https://therecord.media/fin6-recruitment-scam-malware-campaign
• Federal Bureau of Investigation (FBI). (2024 June 4). Alert Number: I-060424-PSA Scammers Defraud Individuals via Work-From-Home Scams.  Retrieved from https://www.ic3.gov/PSA/2024/PSA240604.
• FBI. (2025 July 23). North Korean IT Worker Threats to U.S. Businesses. Retrieved from https://www.ic3.gov/PSA/2025/PSA250723-4.
• Federal Trade Commission. (2023). Holiday Job Scams. Retrieved from https://www.youtube.com/shorts/oefGVFHSzmY
• Federal Trade Commission. (2023, May 22). Scammers are hijacking job ads. Here’s how to spot the fakes. Retrieved from https://consumer.ftc.gov/consumer-alerts/2023/05/scammers-are-hijacking-job-ads-heres-how-spot-fakes.
• Goyal, R. (2023, March 17). Don’t fall for job scams: Tips for spotting fake job offers. Economic Times. Retrieved from https://m.economictimes.com/news/how-to/dont-fall-for-job-scams-tips-for-spotting-fake-job-offers/articleshow/98723214.cms
• Indeed Editorial Team. (2023, January 31). 10 Signs a Job Posting May Be a Scam. Indeed.com. Retrieved from https://www.indeed.com/career-advice/finding-a-job/how-to-know-if-a-job-is-a-scam.
• Kiger, P. (2023, April 28).  Searching for a Job Online? Watch for Scams. AARP. Retrieved from  https://www.aarp.org/money/scams-fraud/online-job-search/.
• Krebs, B. (n.d.). Employment Fraud – Krebs on Security. Retrieved from  https://krebsonsecurity.com/category/employment-fraud/.
• Microsoft Threat Intelligence. (2025 June 30). Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations. Retrieved from https://www.microsoft.com/en-us/security/blog/2025/06/30/jasper-sleet-north-korean-remote-it-workers-evolving-tactics-to-infiltrate-organizations/.
• Palmquist, K. (2023, July 21). 17 Common Job Scams and How To Protect Yourself. Indeed.com. Retrieved from https://www.indeed.com/career-advice/finding-a-job/how-to-know-if-a-job-is-a-scam.
• Norton LifeLock. (2021, February 12). Job-posting scams and how to avoid them. Norton.com. Retrieved from https://us.norton.com/blog/online-scams/job-posting-scams.