Tips for Avoiding Recruitment-Related Fraud

This is an updated version of a previous post published in 2019. You can find the original post here.

Back in September 2019, I shared this post on identifying employment scams. At the time, we discovered that a bad actor had been using DockYard’s name to engage in fake job postings and shared this blog post to help inform job seekers on DockYard’s practices as well as red flags to look out for.

We have recently discovered that, unfortunately, our name is again being used to engage unsuspecting job seekers into sharing personal information. While DockYard will do everything it can to combat these types of activities, we also wanted to reiterate ways to protect yourself as cybercriminals become more prolific and sophisticated.

There was a lot of great information in the blog post shared in 2019 and while some of the information may be included here, I would encourage you to read that post as well. In that post we provided the following tips, which still resonate today:

1. Check the domain name: If the email domain is from a public provider such as “@gmail.com” or “@yahoo.com,” it may be a scam. Typically, established organizations use domain names they purchase to align with their company name.

2. Look for spelling and grammar errors: Excessive spelling and grammar mistakes–including in email addresses–may indicate that an email is a phishing attempt.

3. Beware of requests for highly sensitive information: Many established organizations use secure document sharing tools to exchange documents and information. Be cautious of any “recruiters” who request copies of a passport, social security card, or banking information to be sent over email or before employment begins.

4. If it looks too good to be true, proceed with caution: As employers, we want to put our best foot forward and tell applicants all of the wonderful things awaiting them as an employee. However, an immediate offer after a cursory interview is not the standard practice here or anywhere I’ve previously worked. Most legitimate organizations have a thoughtful application process, so be wary of an immediate offer, particularly alongside some of these other questionable practices.

5. Consider requests for gift cards a red flag: Over my more than two decades in HR roles, there has never been a situation in which an employer should request a gift card from a candidate or employee. Proceed with caution (or not at all) if a “prospective employer” suggests this.

As we’ve learned more through these experiences, we wanted to offer some additional tips for staying safe online:

• Do a search on the Company’s website for the job posting, a warning of fraudulent recruitment efforts, or both.

• Reach out to the Company directly to verify the legitimacy of a job you have been contacted about. Some companies have a general email address for career inquiries on their careers page.

• Some cybercriminals will go so far as to create fake profiles on social media including LinkedIn profiles, Facebook business pages, Twitter accounts, etc. Typically these profiles will lack any verification (if offered by the provider), use stock images, and will have very little content or substance. They will also have low numbers of followers.

• If contacted via email, were you Cc or Bcc on the email? Less sophisticated fraudsters will list everyone they’re targeting in a single email. If you are Bcc on an email, it should raise some red flags for you. You may also consider doing a search on the email address of the sender.

To be clear, there are times when one or more of these tips may come from a legitimate company with a legitimate opportunity; however, when you encounter scenarios such as these, be sure to keep your eyes peeled for anything suspicious. While none of these actions themselves will guarantee you will forever be safe from fraud, being vigilant about your information will only benefit you.

There are several steps individuals can take if targeted by a scam involving employment offers. First, report the communications as spam through your phone or email. Then contact the following sources if relevant:

• Telegram: Start a conversation with @NoToScam and report the username.

• Indeed.com: Forward the email message to socialcare@indeed.com.

• Email: Report the email and mark the message as spam.

• LinkedIn: Follow the steps outlined in the Recognizing and Reporting Scams section of their site.

• The Federal Trade Commission has a page dedicated to recognizing and reporting recruitment-related fraud. You should report any scams or fraud to the FTC here.

• U.S. residents who are the victim of fraudulent activity are also encouraged to report any fraud to your state’s Attorney General.

• eConsumer.gov is an organization that shares complaint information to over 40 consumer protection agencies worldwide allowing them to identify cross-border fraud activities. Anyone worldwide who believes they are a victim of fraud may make a report on their site.

• The Internet Crime Complaint Center (IC3) is a division of the FBI that investigates internet scams and provides a lot of great information on identifying scams to prevent becoming a victim.

In the event any personally identifiable information is given to a scammer, targeted individuals should immediately contact authorities to inform them of the activity. Reach out to your banks or other financial institutions to shut down accounts or credit cards if that information was shared. And of course, make sure your credit reports are locked. You can do this by contacting each of the credit reporting agencies– Equifax, TransUnion, and Experian.

DockYard employs a rigorous hiring process and never asks applicants to share any personally identifiable information prior to an official start date. Please contact careers@dockyard.com if you have any questions or concerns about a recent interaction regarding employment opportunities with DockYard.