The Daily Recruiter

Email letters fill email inboxes every minute of everyday. Some are from legitimate companies and some are not. How can you tell the difference? Many people can’t. Identity thieves, like counterfeiters, are experts of their craft. They are master manipulators who can make you believe that they are who they say they are.

If you’re looking for a new job, you won’t have any difficulty finding sites promising to find you new job opportunities. Many job hunters use job search firms like Monster and CareerBuilder feeling secure with the fact that they are legitimate companies. What many job hunters don’t realize is that both of these companies are constantly monitoring their sites because of fraudulent companies setting up shop on their websites. Both sites offer job hunters information to help job candidates protect themselves against phishing schemes.

You can protect yourself from being the victim of a phishing scheme by keeping in mind these tips:

 

Monster’s Website Advises Job Hunters about Email Phishing Schemes on their Site

Here are some ways you can prevent being lured in by fraudulent email:

• Verify the legitimacy of the company and specific employment opportunity. There are three simple ways you can do this:
  1. If the email contains a link, you can validate the address by going directly to the company’s website using the company’s main URL, rather than relying solely on the links provided in the email.
  2. If the email includes a job proposition, the job should be listed on the company website. You can also call the company directly using the company’s publicly-listed phone number to verify the job opportunity.
  3. Research the company by conducting an Internet search and by using the Better Business Bureau.
• Do not share personal information unless you are confident that the other party is who they claim to be. The following information is not collected by Monster and should not be included on your resume:
  • Social Security number
  • Driver license number
  • Bank account information
  • Credit card information
  • Passwords
• Disregard all emails offering employment opportunities that involve acting as a go-between for money transfers.
• Verify the legitimacy of a potential employer before engaging in any monetary transactions, or before providing credit card, bank information, or personal information requested to conduct a background check (most legitimate companies are willing to delay a background check until they are prepared to make an offer of employment).
• Protect yourself from employment opportunity fraud by looking for these warning signs:
  • Email-only communication
  • Overly-simplified requirements/qualifications
  • Ability to work from home and/or only 2-3 hours of work per day
  • Broken English, spelling mistakes and/or grammar errors
  • Requests for bank account information or Social Security number
  • Management of monetary transactions
  • Repackaging or reshipping from your own home
  • Compensation based on using funds you withdrew from a banking account
• Be wary of any email that asks you to download a tool or update your account or access agreement. Monster will never send an email requesting that you take these steps, or ask you for your account username and password.

“Job search sites offer identity thieves a rich source of personal information and a pool of potential victims willing to divulge even more in hopes of landing employment. Since 2004, some of the largest online job search firms, such as Monster and CareerBuilder, have taken more precautions against criminals looking to collect personal information from their users.” - Washington Post, Taking the Bait on a Phish Scam

Advice from PhishTank.Com - hat to look for in a phishing email

1. Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
2. Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepency, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.
3. Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
4. Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim. - Excerpt from PhishTank.Com, What is Phishing

Strangers aren’t the only ones who are phishing for you. The company you work for may be doing a little phishing of their own to determine which of its employees need to be better trained about phishing schemes. Companies depend on employees to know the difference between a fake email or website and a real one. If an employee divulges confidential information about the company or its customers to a phisher, the aftermath can be devastating.

“Despite the fact that so many of us have been told of the dangers of computer security breaches, many people still invite trouble. In MacDougall’s department’s past two phishing expeditions, 30 of 100 e-mail recipients took the bait within the first 20 minutes.” - Washington Post, It’s the Boss Fooling You For Safety’s Sake

Play it Safe - Don’t Link and Drive

If you click on a link in an email, you can not be certain that it is actually from who it says it is from. For example, if I put a link here to CNN’s website, then you would expect to be taken to their website. But, will you actually be taken there or will you be taken to where I’d rather have you go? Try this link CNN.Com and you’ll see what I mean. Of course, if I were a phisher, I’d take you to a site that I created to resemble the actual website of a company.

I do the same thing with incoming phone calls. If someone calls me and says they need a payment on an account from me, I thank them and tell them that I will call the company back later and make a payment. I, of course, I don’t get the phone number to call the company back from them. Instead, I look up the phone number on my bill and call the company using that information. Although I do like the way Jerry Seinfeld handles telemarketers. He tells them that he is having dinner at the moment but he’s really interested in speaking to them about their products and / or services. He then asks for their phone number, so he can call them back when they’re having dinner. :)