As the job market faces a wave of layoffs, threat actors have seized the opportunity to exploit vulnerable job hunters with employment scams.
According to research and analysis by cybersecurity firm Proofpoint, employment scams have escalated, targeting university students in North America. These scams employ deceptive tactics, preying on students' aspirations for job opportunities in the healthcare, biosciences, and biotechnology sectors, among others.
Proofpoint's observations revealed a disturbing campaign that occurred in late May and persisted through June. The threat actors used email lures with job-themed subject lines, appearing to come from reputable organizations related to biosciences, healthcare, and biotechnology. Some unrelated organizations were also included in the deceptive emails to broaden their reach.
These phishing emails, skillfully crafted to deceive recipients, contained job interview requests for remote data entry positions. The messages were often accompanied by attached PDF files that claimed to provide detailed information about the organization, the offered position, salary, and equipment specifications.
In the next stage, the recipients were invited to join video or chat interviews on a third-party platform, allegedly for additional information and to prepare them for the role.
Proofpoint's analysis indicated that the threat actors likely followed an advanced fee fraud scheme, which has been observed in similar campaigns in the past. During the video interview, the actor would inform the recipient about an advance fee required for certain equipment before commencing work. Once the unsuspecting job seeker pays the fee, the threat actor would collect the money and vanish, leaving the victim defrauded and jobless.
But why target university students? Well, since most students are often seeking flexible and remote work opportunities, they become more susceptible to these fraudulent offers.
International students, in particular, may be less familiar with the telltale signs of phishing emails, which makes them prime targets. Additionally, the rising inflation and increased cost of education have put financial stress on students, making the promise of quick cash from seemingly legitimate job opportunities even more alluring.
In the Proofpoint report, security researchers documented the following as key components of the fraudulent job offers:
- An unexpected job offer received from a free mail account such as Gmail or Hotmail spoofing a legitimate organization
- A job offer from an email address that uses a domain different from the official company website
- Nonexistent or overly simplistic interview questions with little to no information about the job duties
- PDFs or other documentation that includes grammar and spelling mistakes and generic content about the organization and role
- Offers of receiving a "paycheck" almost immediately after beginning a discussion with a sender
- A sender encouraging a recipient to switch to a personal email or chat account to discuss the job opportunity
- Language such as requesting a "quick task" be completed, especially if it involves sending money via mobile applications or Bitcoin addresses
As the threat actors continue to evolve their tactics, it is essential for job seekers, particularly students looking for entry-level work, to remain vigilant and recognize the common signs of fraudulent emails.