Episode 24 Now Hiring
Welcome to the Human Element Podcast, where we dive into the stories and experiences that shape us in our everyday lives. Today, we’re talking about something we’ve all been through at some point—job seeking. Whether it’s your first gig out of college, a mid-career pivot, or just looking for something new, we’ve all felt that mix of excitement and anxiety when searching for the right opportunity.
But let’s talk about those moments when you come across a job that seems almost too good to be true. You know the type: great pay, perfect location, amazing benefits. It feels like all your career dreams are wrapped up in one golden opportunity. But then, as you dig a little deeper, you start to wonder—what’s the catch? Could this really be the break you’ve been waiting for, or is it something else entirely?
In today’s episode, we’re going to explore the psychology behind those too-good-to-be-true job offers, how to navigate them, and what you can learn from the experience, whether it turns out to be a dream job or just another lesson in the journey of life. So, sit back, relax, and let’s dive into the human side of job hunting.
Scott Gombar discusses job scams in episode 24 of “The Human Element” podcast. He recounts a personal experience where a scammer pretended to offer a job, moving the conversation to WhatsApp and using childish slang to frustrate him. Gombar explains that job scams often use fake job postings on platforms like Facebook, LinkedIn, and Craigslist to collect personal information, leading to phishing, financial scams, and malware infections. He advises using legitimate job search platforms and never providing sensitive information during job applications. Gombar emphasizes the importance of verifying job offers and being cautious of unsolicited job offers via text or social media.
Action Items
- [ ] Educate others about signs of job scams like unrealistic pay or needing to pay fees upfront.
- [ ] Upload video examples to social platforms like TikTok to warn people but also frustrate scammers.
- [ ] Comment on fake job posts to warn others and tag relevant groups.
Outline
Job Scams and Personal Experiences
- Speaker 2 shares a personal story about a friend who was desperate for a job and fell for a scam involving door-to-door sales in a rundown office.
- Speaker 2 introduces the theme of the episode: job scams, and shares a recent experience of receiving a scam text on TikTok.
- The scammer quickly moved the conversation to WhatsApp, and Speaker 2 played along to frustrate them.
- Speaker 2 explains the goal of their interaction was either to educate people or to frustrate the scammers.
Common Types of Job Scams
- Speaker 2 discusses various types of job scams, such as work-from-home offers, Amazon jobs, and other enticing but fraudulent opportunities.
- The first red flag for these scams is often the use of a non-legitimate website, such as Google sites.
- The goal of these fake job posts is often to collect personal information, which can be used for phishing or financial scams.
- Speaker 2 emphasizes that legitimate companies do not require personal information during the job application process.
Financial Scams and Phishing
- Speaker 2 describes a financial scam involving a marketing job that required Speaker 2 to log into a website and complete tasks to earn money.
- The scam involved asking for additional money to receive the promised earnings, which Speaker 2 did not provide.
- Speaker 2 explains that legitimate jobs should never require payment for training or background checks.
- The scammer’s goal was to collect personal information and money, often using the promise of a job to lure unsuspecting individuals.
Malware and Data Theft
- Speaker 2 discusses how fake job offers can lead to malware infections, which can steal personal data and cause financial harm.
- Malware can be used to launch ransomware attacks, steal sensitive information, or participate in distributed denial of service attacks.
- Speaker 2 shares an example of a data breach where personal information was compromised and used for malicious purposes.
- The scammer’s goal is to use the collected data for further scams or to sell it to other scammers on the dark web.
Social Engineering and Targeted Scams
- Speaker 2 explains how fake job offers can be part of a broader social engineering scam, where the collected data is used to manipulate or deceive the victim.
- The scammer may use the data to send targeted ads or messages, making the scam appear more legitimate.
- Speaker 2 shares an example of a scam that used their phone number to send a text message, which was a red flag for the scam.
- The goal of these scams is to gain access to the victim’s personal information and use it to further the scam.
Identifying and Avoiding Job Scams
- Speaker 2 provides tips for identifying and avoiding job scams, such as checking the legitimacy of the website and the job offer.
- Legitimate companies do not require payment for job applications or equipment.
- Speaker 2 advises using legitimate job search platforms like Indeed, LinkedIn, and industry-specific sites.
- The model for staying safe is to never trust and always verify the legitimacy of job offers and websites.
Conclusion and Final Advice
- Speaker 2 concludes the episode by emphasizing the importance of staying vigilant and avoiding job scams.
- The episode highlights the various ways scammers use job offers to collect personal information and money.
- Speaker 2 encourages listeners to question everything and never provide sensitive information during a job application.
- The episode ends with a reminder to stay secure and avoid falling for job scams.
Transcript
Welcome to The Human Element, the podcast that delves into the often overlooked human side of cybersecurity. Each episode, we’ll explore real-world stories, uncover the tactics used by cybercriminals to exploit human behavior and share insights on how you can protect yourself and your organization from these subtle but devastating attacks. Join us as we peel back the layers of deception and reveal the true power of the human element in cybersecurity. Let’s get started.
Most of us at some point in our lives have been job seekers, looking for a job, decent pay, decent work-life balance, you know, something along those lines. We’re looking for a job, sometimes out of desperation because we no longer have a job, we have no income coming in, and we’re looking for a way to support our lifestyle, our family, our home, something. So, going back a few decades, again, like we did the previous week, I knew someone who was looking for a job. They were pretty desperate. They needed some income, you know, they didn’t want to do anything illegal, so they landed this job that was supposed to be this end-all job in marketing and management, and they were going to hire people with no experience, and he showed up for the interview, and I’m using air quotes, and it was a rundown office. Didn’t look like much going on there, but there were a lot of people, a lot of people, potentially interviewing for this job. Turns out that job was going door to door in some of the worst neighborhoods in the area to try to sell this item that nobody wanted, and the only way you got paid is if you sold a certain amount of items. Now this is going back a while, so there may have been some laws that weren’t in place yet, or they just didn’t care about those laws. I don’t know, but it was a scam. They wanted people to sell this item. You were not going to make money unless you sold a bunch of these items, and you were selling them in an area that people were not going to be interested, probably weren’t going to open the doors.
Welcome to The Human Element, episode number 24, Now Hiring. I’m your host, Scott Gombar, and this week we’re going to talk about job scams. So the day I’m recording this, I uploaded a video to TikTok, waiting to see if TikTok removes it, because they love to remove these videos. So it’s a scammer. I get a scam text asking if I’m looking for work. I know instantly it’s a scam. I’ve seen these a million times, so it’s not hard to recognize for me. And of course, I say yes, because I want to go along with this. I’m a little coy with it, but I say yes. I knew it was a scam before they said anything. They said, Hello, that’s it, and I knew it was a scam. Of course, they eventually take the conversation to WhatsApp, actually pretty quickly this time. Sometimes they take a while, but this time, they moved pretty quickly to WhatsApp, and they sent me the details of the job in WhatsApp. And so I played along as a Gen Z slash Gen Alpha.
Well, I’ll call it a child, because most Gen Z and Alphas are children. So I was using the slang that they use, and I did this to frustrate the scammer. And eventually they did get frustrated. They actually said, Are you an N-word? Hopefully, I don’t have to explain that to you, because I’m not going to, but that’s how much I frustrated them, and it got to a point where they just finally stopped messaging me. And essentially that’s my goal. It’s either to get enough content to educate people, or to just frustrate the scammers for a little while. And it happened to be on a Sunday, Sunday evening. So I wasn’t doing much. I played around, you know? I was just doing some admin work. So I played around with the scammers. And if you want to see that, you can see it on my TikTok channel. It’s Scott G, and that’s G with three E’s at the end, Scott G with three E’s at the end. It was uploaded ironically on Labor Day, September 2, 2024. So you’re probably asking, what’s with all these scam posts? Right? We’ve seen the Facebook posts that offer the Amazon jobs, or the Google jobs, or the FedEx jobs, work from home, all types of work-from-home jobs. There’s just dozens, if not hundreds, of different variations of this scam, and they look great. I get to work at home. I get to make a decent amount of money, you know, I spend more time with my family, all of these things. A lot of people like to work from home, because now they can multitask, even though multitasking, by the way, is not real. You cannot multitask. But that’s a different conversation. You know, they want to be able to do the laundry while they’re working, or they want to be able to clean the house while they’re working, or stay home with their child while they’re working. So they sound great. These are great opportunities for those people that want these types of jobs.
And I’ll tell you that almost every single one of these posts, the first red flag is that it’s, let’s say it’s an Amazon job, and the website will say, site dot Google, or Google dot site, something like that. It’s a Google website. So Google has this free website offering that I believe they’re shutting down. Well, you could build this website and it’s at Google. It’s hosted by Google, and it says Google site. Amazon’s not going to use Google site to advertise a job. That’s your first red flag that you should know. FedEx is not going to use Google. None of these people are going to use Google. Google might use Google. They’re not going to use their free site builder to advertise a job. So what is the goal of these fake job posts on mostly Facebook, but I have seen them on LinkedIn, and I have seen them on Instagram, but mostly Facebook? So they, a lot of times, are phishing scams. The fake job offers are designed to collect personal information, so you’re going to fill out an application on, again, a Google site, and it’s going to collect that information. It might be a form you fill in some details, your name, your home address, your email address, your phone number, and that’s enough for them to then take and move forward with the scam. Now they’ll use that information to grab things like social security numbers, bank account details, and by the way, you should never give these things when applying for a job, legit job or not. They don’t need your social security number for you to apply to the job. They need your social security number when you start to work there and you put it on the tax forms, but they don’t need that when you apply for the job. They definitely don’t need your bank account. They don’t need that until you want to set up direct deposit. They don’t need that. But they will collect this information. But even the basic information is enough to get started with a potential scam. They have your email address.
Maybe they’ll start sending you phishing emails trying to get more information from you. As a matter of fact, they almost definitely will. Financial scams. So the one I uploaded to TikTok is a financial scam. And so what do they do? They take this job offer, and they say, in this case, it was a marketing, again, air quotes, marketing job, and they wanted me to log into this website. And I’ve gone through this process with these scammers before, so I know exactly what it’s going to do. You’re going to log into this website. It’s going to say, complete this task. And it’s some random task of basically, I don’t remember what the task was, but it’s something like clicking on something, or filling out a form or something like that. And you do this task and they then tell you, all right, you’ve got $40 built up. We can’t pay out until you reach $100, and I’m just throwing numbers out there, but something along these lines. But if you want the money now, you could put the additional $60 in and we’ll send you the $100. So they want that $60 and then you’re never going to see the $100. You’re done. There’s the pay up front. Fees for training is another typical scam, or for the background check. You should never, ever have to pay for your own background check when you’re applying for a job, or equipment. You should never have to pay for equipment when applying for a job. If you take a job, and let’s say you need a laptop for that job, they supply the laptop. No legitimate job is going to ask you to pay for a laptop to use for the job they just hired you for. You should not have to put money up for a job. That’s just silly, but it’s happening, and it’s happening a lot, and the problem is, when people get desperate and need a job, they might go that extra mile. And I see it all, you know, I see these posts all the time on Facebook, and I mark them, I’ll comment on them, saying, scam.
Some of these scammers will go so far as to disallow scamming, I mean disallow commenting on them so that you can’t comment. You know, people like me can’t comment, and I’m not the only one out there, can’t comment on them, and then more people fall for them. But I’ll comment on them, saying this is a scam, or I’ll tag my, I have a Facebook group called Scam Likely, I’ll tag the group in that, and I’ll see the other people that are commenting saying, interested, interested, interested. And the poster, the scammer, will send them to, you guessed it, a Google site, or they’ll send them to a form to fill out that form. In some cases, the fake job offers are used to recruit individuals into money laundering scams.
I have seen this. I see this more on Craigslist. So they’ll ask you, I mean, they’re pretty bold on Craigslist, they’ll tell you, essentially, you know, you can make 1000 or $100 by moving $1,000 into another account for us. I’ve seen that. They hire you for this job, and in reality, what they’re having you do is mule money. You become a money mule unwittingly. You don’t know you’re doing it. You think it’s legitimate, maybe initially, and some people will probably continue doing it without questioning it, because they’re making decent money. They’re taking money, moving it from one account to another, making, you know, $150 or something like that every time they do it. And in reality, they’re laundering money. And guess what? When the feds come knocking, you can tell them, hey, I thought it was a job, legitimate job, they’re not going to care. You’re stuck with a money laundering charge, and you will never be able to work in financial again, that’s for sure, and you will have a hard time getting any job after that. The fake job posts, primarily on Facebook, but other social media, could be used to distribute malware. So they could be posting these jobs and then eventually take you to a link where they’re hosting malware. You download the malware, again, unknowingly, to your computer, and it affects your computer, and there are still groups out there that launch ransomware attacks against home computer users. So yes, the news says ransomware attacks are targeting businesses of all sizes, and some payments are in the tens of millions of dollars when, you know, the company has no choice but to pay the ransom to get their data back and to help restore their systems. However, there are groups that still target the average computer user at home, and no, they’re not going to say, Pay us 10 million. They’re going to say, Pay us $2,000 to get your stuff back.
And if you have all your tax forms, all your financial stuff and everything else on this computer, you know, your family photos, everything’s on this computer, it’s not backed up. And to be honest with you, a lot of home users do not back up their computer, so it’s not backed up. And you don’t know what to do to recover. You have no method of recovering your data other than to pay this ransom, so you’re more likely to pay the ransom. And all this came from just applying for a job off of a social media post that you saw. So that’s one example of malware. Other types of malware could be malware that steals your data. So it’ll steal your Social Security number, bank account info, things like that. They’re called info stealers. They get installed in computer. You don’t know they’re there. They’re stealing your data right from underneath your nose, and you don’t even know they’re doing it. And the next thing you know your bank account is empty, your social security, your credit information is in the toilet and all your credit cards are maxed out. They may use your computer, they may use it in something called a distributed denial of service attack, so your computer is now compromised, and they use your computer’s resources, along with thousands of other computers, to take down a bigger target. So they may point all of these computers to send information to, let’s say Google, just throwing a name out there. And the idea is, if they get enough of these computers to target Google or whatever enterprise business, they could cripple that business. Now Google, you might have, they might have a hard time doing, but a smaller enterprise type business, they might be able to impact their business. I’ve seen it happen against cable companies, internet service providers. Happens quite a bit, actually, and now your computer is being used for this.
And you may never know that your computer was involved, except that your computer suddenly doesn’t work like it used to work. They may be harvesting personal data for marketing. We heard about the big data breach. I don’t remember what the name of the company is now, some data company that was scraping the internet for data. I think they were based in Canada. They were scraping the internet for data, and they were storing it, but where they were storing it wasn’t secured, and that data was compromised. So they had people’s names, numbers, addresses, email addresses, social security numbers and a lot of other stuff, apparently. And all this data got compromised and somebody stole it because they were not taking care of it. So these fake job offers might be doing the same thing. They may be harvesting the data to use in the future or sell to someone else, and then it could also be part of a broader social engineering scam, where that data will then be used to manipulate or deceive the victim in other ways. So let’s say they had a target in mind. They call that spear phishing. They now have this person’s application, which means they have, at minimum, home address, name, phone number and email address. They could use that data to then further their social engineering scam and scam this person even more. Usually, that’s targeted, so you may get an ad in your LinkedIn InMessage, I think they still call it InMessage or InMail, where they’re telling you to apply for this job. You’d be great for this job. Or you get the text message like I posted on TikTok, right? They have my phone number. I’ve had my phone number for 20 years now, so chances are it’s out there. It is out there, and somebody might be targeting me. I don’t know, but I’m well aware of how these things work, and the problem is most people are not, and so they’ll think this is a great job opportunity.
I was looking for a job. And they know who you are, so they know maybe you have certain access or certain resources that they are interested in. You’ve been targeted, and they take that information that you put in a job application on the internet and then use it to further engineer you.
So what do these scams look like? Well, on Facebook, they’re typically, and I see dozens every day, typically Amazon jobs, some form of an Amazon job, or a FedEx job or Coca-Cola or Pepsi job. I’ve seen one, I’ve seen the same Kelly Services, I think it’s called, which is a recruiting company, just numerous jobs, cleaning jobs, all sorts of jobs that get used to scam people. Because, let’s face it, everybody’s looking for different types of work. Most of the time they will include some form of remote work, homework, meaning you can work from home. You know, a cleaning job, obviously that’s not going to work unless they tell you your your plot, processing payments or something like that, which I’ve seen a lot of too. They almost always point to a Google site. I think it’s site dot google, but I think I remember seeing that Google is shutting that down, so they may use some other service for that going forward, I’m not sure. When it’s on LinkedIn, typically you’ll get a message for the job. However, there have been occasional postings for jobs that really don’t exist. LinkedIn is usually the opposite. It’s usually somebody that’s applying to jobs that’s really not qualified for the job, and they’re trying to engineer, socially engineer, the company, rather than an individual. But it does happen on LinkedIn. You may get a message saying, apply for this job. That’s the most likely scenario on LinkedIn. The text messaging stuff is usually, well, first of all, it almost always looks like it’s not coming from an iOS device, because it doesn’t have the blue bubbles. It’ll have green, which is usually online or Android or something along those lines. And that’s a red flag for me. But you know, the real red flag here is, most recruiters do not text you out of the blue. So Joe Schmo’s recruiting company isn’t going to text you out of the blue and say they found your resume and they have the perfect job for you. That’s not going to happen. And they’re not going to tell you to log in with a random password and username. They’re inventing all of this as they go. So, you know, the one I shared asked me to log in with a random username and password. They wouldn’t do that to apply for a job.
If you’re going to apply for a job, if you want to find a job, go to Indeed, go to any of the legitimate job boards that are out there. And there’s lots of them. Or go to LinkedIn and look for the job on there. I know Facebook has legitimate jobs. I wouldn’t use Facebook to be my job search tool of choice. I wouldn’t. That wouldn’t be my top choice. Now, if I see a friend who knows somebody who has a job, then, okay, maybe I’ll reach out and say, Hey, what is this job about? And find out if it’s legitimate. But generally speaking, I don’t think I would use Facebook to look for my job. LinkedIn, Indeed. I would not use Craigslist to look for a job. I know some companies do, and I know they have a whole hiring section. I know they do that, but Craigslist is kind of, I don’t know, the cesspool at this point. Reminds me of X, formerly known as Twitter. It’s just the cesspool of nonsense, bots and junk and garbage. The opinions in this podcast do not represent my audience or anybody else, but it’s what I believe. You know, you have the ZipRecruiter, Monster, CareerBuilder, sites like that that will help you, on top of Indeed, that will help you find the job. There’s some industry-focused sites like, I think Dice, if it’s still around, was mostly for technology jobs, but tend to stay on those sites. Don’t assume that the text message they sent you is legitimate. It’s not. Don’t assume that the social media post that is, once again, looking for Amazon workers, and oh, by the way, Amazon, you know, for the warehouse, does not pay well. It’s a very physically demanding job that does not pay well. They’re not going to pay thousands of dollars a week for that job. They’re not even going to hire you full time. It’s a part-time job, and it does not pay well. So you’re not going to make thousands of dollars a week doing that.
The jobs where they don’t even have the details, they’ll just say, I’m looking for workers, and the pay is $225 an hour. It’s not legit.
Avoid these scams like the plague, because they, you know, I listed all of the things these scams do, but they may do multiple. So they may steal your information, then sell it to the dark web, who will then further try to attack you, and you might not see it coming. They have your email address, so now they’re going to send you to a fake Indeed website. It looks like Indeed, but it’s using a Cyrillic E instead of a regular E, and then you can’t tell the difference. So you click on it, and it looks like Indeed, you apply for the job, they’ve stolen more of your information. Never, ever pay in advance for anything. Never give up social security number or driver’s license number or any other sensitive information. They don’t need that for you to apply to a job. And I would just say question everything. You know, the model around here is never trust, always verify. Go with that. You’ll stay safer that way. That’s going to do it for this episode. So until next time, stay secure.
Transcribed by https://otter.ai