The scams behind false job offers on social networks: keys to recognize them and avoid falling for them

In an increasingly digitalized world, social networks They have made it easier to find a job, but they have also opened the door to scammers who take advantage of users’ vulnerability. Cybercriminals use tactics to trick people looking for work, using fake job offers to obtain money or personal information.

According to the Ministry of Labor and Employment Promotion (MTPE), in 2021, 57.8% of job seekers in Peru turned to the Internet as their main tool, displacing traditional methods such as consulting physical intermediaries, friends or family.

This change has opened new ground for cybercriminals, who take advantage of the digital transition to attract victims through false job offers, even on seemingly secure platforms such as LinkedIn.

To better understand how the criminals behind these scams operate and how we can protect ourselves, we have interviewed Martina López, security researcher at ESET Latin America, and Kenneth Tovar Roca, manager of Palo Alto Networks in Peru and Bolivia.

How these scams work

Methods used by criminals vary from simple phishing messages to complex identity theft on employment platforms.

Tovar points out that it is common for cybercriminals to use WhatsAppone of the most popular messaging applications in the world, as a means of offering “easy jobs”.

“The victim receives a message offering commissions for certain tasks such as watching online videos or liking influencer posts. Criminals deposit small amounts with the victim to gain their trust and then start asking for money with the promise of returning it with big profitswhich they never arrive”, he reveals.

They can also create fake apps where the victim supposedly sees their commissions increase, but when they try to withdraw the money, they ask them to pay a “tax”.

Furthermore, the expert points out that there are some cybercriminals who create fake job offers that look realcopying logos, emails and web pages of well-known companies. In turn, they use social networks such as LinkedIn to spread their ads and sometimes bots to create fake profiles. They even upload videos to TikTok with false testimonials of success.

“Cybercriminals ask victims to download certain applications or access certain links to continue with a hiring process and that is where they infect their devices”. In this case, a Malware is installed hidden on the victim’s device. Once inside, malware can steal sensitive information, such as passwords, banking details, or even access to personal accounts.

An example is the case of user Emily Cuadros, who was contacted through WhatsApp after applying for a job on LinkedIn. The alleged company asked him to download an application for testing and then requested his bank account number to record future deposits. After providing this information, she lost all of her savings.

The company responded to the complaint on LinkedIn clarifying that they did not contact the user and reported that the number used to scam her is not associated with their company and that they have received alerts of other similar cases.

How to identify a job scam?

To protect yourself from these threats, it is essential to learn how to identify warning signs. One of the most common is lack of detailed information about the company or position. “If they have no registration on the Internet, or whose names, when searched, yield few results. If the account is too new or the text seems to have been artificially generated, be cautious”says Lopez. It also warns about the intentions of the person with whom we are communicating.

“In many cases, they can request that we install an application, let’s make a payment or provide information staff through a link. If this is the approach, we must reconsider the intentions of the person on the other side of the conversation.”, he points out.

On this point, Tovar highlights that Asking for the bank account number or financial data at the beginning of the process is a red flag. Serious companies do not request this information until advanced stages of the selection.

Another indicator is the “unrealistic income promises”. Kenneth Tovar explains that “if an offer promises salaries that are too high for the type of work or extremely favorable conditions without requiring experience or skillsit’s a warning sign”.

Additionally, both experts agree that it is crucial to be wary of any offer that requires upfront payments. “The sign that could be the most obvious is that No legitimate job is going to ask you for an initial payment or an investment to get started.r”warns Tovar.

“Ultimately, if it is a well-known company, it doesn’t hurt to contact the company directly to verify the person’s identity. “This can prevent big problems,” points out the ESET expert.

MIRA: LinkedIn used user data to train generative AI models without informing them, report says

What to do if you fall for a job scam?

The Palo Alto Networks spokesperson advises victims of scams, such as fraudulent job offers, to follow these steps to report the fraud and help others:

• Collect information– Gather all evidence of the scam, such as emails, WhatsApp messages, phone numbers and transaction details.
• File the complaint: take this information to the authorities, such as the PNP or Indecopi.
• Report on social networks– Post on LinkedIn, Facebook or Instagram to alert others and report the scam to the platforms.
• Stay informed– Be alert, as scams can occur on any device and situation.

“The most powerful tool we have is research”

Martina Lopez security researcher at ESET Latin America.

Recommendations to avoid fraud in job offers

To protect yourself, Martina López and Kenneth Tovar provide the following advice:

• Use antivirus and update your devices– Always keep an updated antivirus and perform software updates to prevent attacks.
• Research the company– Check the reputation of the company, its website and LinkedIn profile. Be wary of emails with generic domains like Gmail or Yahoo.
• Pay attention to the wording– Fraudulent offers often have grammatical errors or poor quality language.
• Control app permissions– Don’t enable unnecessary permissions on non-essential apps, such as camera access or contacts.
• Be careful with local numbers: Scammers also use local numbers, so this factor is no longer a guarantee of security.
• Don’t act impulsively– Take the time to verify the offer before accepting any proposal or downloading applications.