The fraud is massive and interconnected. A fraudster posed as a recruiter for a web development company and duped 130 candidates through the recruitment process.
It starts with a classic email response to the application offering a phone interview of fifteen to twenty minutes. A young victim of this scam testified in an article Picaro, “The questions are very mundane: Why are you and not someone else? What is a UX-designer for you? How motivated are you on a scale of 1 to 10?.
A promise of employment that seems genuine
A few days after the interview, many applicants received a job offer via email. Again, there is nothing to suggest that this is coming from someone seeking to usurp the identity of a company director’s partner. The text has no typos and turns of phrase, as evidenced by this extract: “Guided by my intuition during our phone call and convinced by my feelings of your enthusiasm and commitment to this position, I want to place my trust in you. Therefore, I am pleased to inform you that you will not be able to rest from January 5, 2023, as you will come and work with us. Must! »
The email also sets up a physical meeting for the applicant to come and sign a permanent employment contract, which is attached. Above all, he asks the future employee to send documents containing his personal information as soon as possible: bank details, social security certificate, copy of identity document. In the endThe fraudster’s goal is to get his hands on this sensitive data.
Cybercriminals try to extort money or data
The real manager of the company was alerted by a real candidate, who rejected his application because he didn’t have an open position and saw a fraudulent job offer. He later posted a message on the platform where the fake job offer was published, calling candidates to be vigilant and filed a complaint.
This type of fraud is unfortunately not isolated and is often the work of cybercriminals who extort money or personal information. To protect against this, Pôle emploi has implemented algorithms to better detect offers or suspicious profile searches. On that day Cyber Malicious SiteCandidates can also discuss best practices for ensuring the credibility of a job offer (check the company’s SIRET number, be aware of calls from recruiters on odd schedules, spot typos in messages, and don’t accept compensation before signing an employment contract. )
How to avoid becoming a victim of online identity theft as an employer?
To prevent a cybercriminal from borrowing your email, your name or your company’s SIRET number to deceive a candidate, the CNIL (National Commission for Computer and Freedom) I recommend you Be alert when entering personal data online or receiving emails asking you to update your personal information.
“Ensure that data encryption is enabled when you consult or enter confidential information (banking sites, etc.): the site address must begin with “https” (and not http) and be preceded by ‘a padlock'”, Complements the CNIL.
Another point of awareness: your passwords. These should be complex, confidential and multiple. Using a password manager is highly recommended.
Finally, if you are a victim of identity theft, immediately contact the site where your data was published and request its deletion, file a complaint with the National Police, Gendarmerie or Public Prosecutor.