Ani Banerjee, Chief Human Resources Officer, KnowBe4
Bad news. Your organization just announced a major restructuring, making your role “redundant”. You update your LinkedIn profile, using the #OpenToWork hashtag, and announce to prospective recruiters that you’re on the market, actively searching for a new gig.
A scammer posing as a Recruiter (from a profile appearing legitimate), contacts you and immediately requests your phone number. This alleged Recruiter sends you text messages about the open position. After asking a series of interview questions, the Recruiter congratulates you for having been selected. To accept their offer, you’re compelled to do some “necessary paperwork.”
Victims are then requested to send their PII (personally identifiable information) data like DOB, home address, driver’s license ID, and lastly, social security number, ostensibly “to run a CORI and background check.” If this “recruiter” is bold, they will ask for bank account statements and tax returns. With private information in hand, the recruiter-scammer is locked and loaded, ready to commit all kinds of fraud, identity theft, even access to your laptop.
This is unfortunately, just one of many recruitment scams currently running wild on LinkedIn and other recruitment platforms. The Better Business Bureau considers employment scams the second largest online scheme in the US, second only to online shopping scams.
Why Are Employment Scams On The Rise?
There are two main reasons that explain the sudden surge in employment scams. Firstly, the nature of work and the workplace itself have changed. Businesses are embracing work-from-home models and employees are getting more opportunities to work with companies that are not local. Job seekers use technology to apply for jobs, attend interviews and onboard organizations virtually. This situation creates the perfect environment for opportunistic threat actors on the lookout for innovative ways to social engineer people.
Secondly, rising inflation, layoffs and unemployment are making job seekers vulnerable and desperate. Scammers thrive on adversity; they advertise bogus job listings that offer generous pay packages, flexible working hours, fantastic benefits, etc. Next, they ask the job seeker to transfer money to cover agency, training, and recruitment fees, application costs, background and credit checks; even in some cases, charges for home office equipment.
In the first quarter of 2023, losses from job scams grew 250%, compared to the same period last year.
The Implications Of Employment Scams On Businesses
Employment scams can negatively impact businesses in a variety of ways. The biggest one of course is market reputation. Successful schemes make organizations less desirable and less trusted by job applicants. Threat actors can leverage stolen information and intellectual property to cause financial losses, launch social engineering attacks, disrupt operations, and cause physical damage. In certain situations, organizations can be held liable and financially accountable for financial damage and theft of private information, resulting in costly lawsuits and negative publicity.
AI Making It Increasingly Harder To Detect Job Scams
Generative AI is already being extensively used by bad actors to write sophisticated emails, create fake profiles and mimic voices. In employment scams, fraudsters can weaponize AI to create fake job listings and impersonate recruiters, conduct target selection, pull specific information about job seekers from social media accounts and deploy bots to conduct fake interviews.
How Can HR Mitigate Employment Scams?
As custodians of people, HR teams have a fiduciary duty and moral responsibility in ensuring that the organization adopts secure recruitment practices, keeping in mind the organization’s security posture as well as safeguarding the privacy of job seekers.
Best practices that can help mitigate the risk of employment scams include:
- Run Simulated Training on Employees: If employees themselves are unaware that such scams exist, they can easily become victimized, putting the organization’s data and security at great risk. It is therefore highly recommended that organizations run simulated training and teach employees to identify phishing and social engineering attempts, the many red flags behind employment scams. It’s all about security awareness.
- Make Job Postings More Secure: Post jobs on reputable websites and/or the company website alone. Deploy a verification process that helps job seekers verify or confirm the authenticity of a listing.
- Make Recruitment Process More Transparent: Scammers typically rely on misinformation and confusion. Have an open and transparent recruitment and communication process to prevent scammers from taking advantage.
- Monitor Job Boards and Conduct Regular Audits: Monitor leading job portals continuously for any listings that impersonate or misrepresent your organization. Audit recruitment practices at regular intervals to evaluate your defenses against evolving employment scams.
While it is impossible to eliminate employment scams entirely, if HR teams build security instincts among staff, adopt open and transparent recruitment practices, and deploy fraud reporting and monitoring mechanisms, they can not only reduce the occurrence of such scams, but also boost their market reputation by demonstrating a solid commitment to ethical recruitment practices.
About the Author
Ani Banerjee is Chief Human Resources Officer for KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform used by over 65,000 organizations. Banerjee oversees HR operations across 11 countries, and is responsible for developing new initiatives to enhance the company’s organizational culture, recruitment channels, and diversity, equity, and inclusion (DEI) strategies. He has 30 years’ experience in global HR leadership roles working for VMware, Dell, Yahoo, and AOL.
Image by creativeart on Freepik
The post Employment Scams On The Rise: What Can HR Do To Mitigate Them? appeared first on Cybersecurity Insiders.
November 13, 2023 at 07:51PM
0 comments:
Post a Comment