When it comes to looking for work, our details are out there in cyberspace – on career networking sites, in recruiter databases and on digital job boards. But the growing practice of job phishing – where criminals prey on jobseekers to fraudulently gain access to personal details to commit crimes – means it’s vitally important to be vigilant about online safety and security.
Employment scams are on the rise
Australian authorities, such as the Australian Competition & Consumer Commission (ACCC), have noted a rise in the number and sophistication of fraudulent job ads. Increasingly, criminals are attempting to steal bank account details for money laundering, and other personal data for identity theft and fraud. In some cases, the scammers aim is to encourage the jobseeker to download malicious software (otherwise known as ‘malware’).
In 2015, the ACCC’s Scamwatch recorded 2456 reports of job and employment fraud, worth more than $950,000. And there’s no sign of the problem abating with 2,855 reports received 2016, worth a total of more than $1,127,000.
Perth man, Brendon Nunn, had his identity stolen after applying for a diesel mechanic apprenticeship with mining company, Rio Tinto, through job vacancy website, Seek. While most scams occur via email, mobile phone or free websites, scarily, scammers also use legitimate channels, like Seek, to catch their victims.
In Mr Nunn’s case, the application was extremely convincing and asked him to provide a copy of his passport, driver’s license, tax file number and forklift ticket. After some time had passed, he called the company to follow up on his application and that’s when the scam was uncovered.
“I just felt a pit in my stomach. Like, who’s got my information?” Mr Nunn told abc.net.au. The information he provided is enough for crooks to buy items on credit and to even obtain a loan in his name.
Signs of online job scams
A spokesman from the Australian Government Department of Employment, which oversees the jobactive.gov.au job board, said cyber attacks and online scams are a common threat. He also said jobseekers should apply this simple checklist to affirm the validity of online job ads:
- If the job advertisement looks too good to be true, it probably is.
- If the job advertisement asks for bank details, don’t hand them over. Ever!
- If the email address doesn’t match the company name, be suspicious and do some further investigation.
- If there are any mismatches between the job description and the job details, do some further investigation.
- If you have any concerns, check the employer website or call the employer before applying.
Some of the industry’s biggest online employment sites including seek.com.au and careerone.com.au, as well as career networking sites such as LinkedIn, carry public warnings about job phishing and offer practical advice to help jobseekers avoid being hooked by a scam.
Careerone, for example, warns that while it’s legitimate for employers to ask for information relating to education, previous employment and training in the early stages of the hiring process, you should never be asked for proprietary information until you’re much further down the employment path. Even then, there’s almost never an occasion to hand out bank, credit card or passport details.
Other red flags to look out for include:
- Advertisers asking for an upfront fee for processing your application.
- Personal identification information such as your passport details and passwords.
- Acceptance of a money transfer where you can retain a portion as ‘payment’.
What should you do?
“Cyberattacks and online scams are a common threat across websites generally and unfortunately Australian Government sites such as www.jobactive.gov.au are not immune from such attacks,” the spokesperson for the Australian Government Department of Employment said.
“The Department takes IT security and malicious attacks seriously, and has strong defence strategies and checks in place to manage these attacks, including on the jobactive website.”
If you think you have unknowingly applied for a fake job, check your financial accounts and freeze or close any that appear to have been subject to unauthorised activity. Also, check your computer for viruses, and change and update all your passwords. Report the crime to the police and get a copy of the report for your files.