Cyber criminals are posing as recruiters and employers to offer people fake jobs in a scheme designed to steal money and personal data and to trick victims into helping them launder money.
Detailed by cybersecurity researchers at Proofpoint, the job fraud campaigns attempt to lure people in with the promise of upfront payments for simple jobs that can be done while working from home.
Nearly 4,000 of these email threats are being sent every day – most are sent to people in the United States, but Europeans and Australians have also been targeted.
In over 95% of cases, the attackers are aiming at email accounts linked to universities and colleges, targeting students who are likely to be open to flexible and remote work opportunities.
Remote work has risen because of the COVID-19 pandemic, something that could make the approaches look less suspicious to victims. Some of the fraudulent emails even reference COVID-19 as a reason for the fake jobs being remote.
While the lure of making easy money from remote work sounds tempting, the attacks are designed to fleece victims – according to the FBI, the average loss for victims of employment fraud actions is around $3,000.
"These types of threats can cause people to lose their life savings or be tricked into participating in a criminal operation unknowingly. They are very concerning for universities especially," said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
Those behind the attacks use several different templates, often using the real branding and logos of the companies they're claiming to come from. The attackers are also known to use spoofed or compromised email addresses of recruiters in order to send initial emails.
One of the scams purports to be from the United Nations Children's Fund (UNICEF) for an executive personal assistant role, claiming to offer $400 for eight hours a week of work. The email contains a link to a Google form, asking for a name, alternative email address, and phone number.
If the victim enters their details, they receive another email with more information about the supposed job, and if the offer is accepted, the attackers send a fake cashier's check, initially for $950, then rising to $1,950 – this is designed to look like the victim will be paid, when that isn't the case.
Instead, the attackers ask the victim how much they have in their bank account, so that money can supposedly be used to send toys to children in orphanages – researchers were asked to transfer $1,000. Making the transfer leaves the victim out of pocket, because the fake cashier's check that supposedly covers the cost can't be cashed.
Another of the phony jobs takes a different route, sending emails in which the attackers are claiming to be recruiting college students for an alleged modelling job – which doesn't really exist. The email claims that the victim will be paid over $2,750 up front, and any expenses related to the shoot will be reimbursed.
The attacker emails a fake check and, in some instances, it is even sent to the victim's home – but because it's fake, it can't be cashed. In this case, the fraud is based around sending money to cover "shipping costs" for items to be used in the shoot – items that are never ordered for a shoot that won't happen, ultimately resulting in money being stolen from the victim.
Not only can these fake jobs leave people out of pocket, victims could also be unwittingly helping to facilitate cybercrime, as it's likely some of these cash transfers are part of fraud related to other schemes.
In aiming at students, the attackers are potentially exploiting naivety about online threats and the world of work – for example, a legitimate employer is very unlikely to send a paycheck before an employee's first day of work, nor will they ask employees to buy items before they start the job.
In order to avoid falling victim to these scams, it's recommended that caution is exercised when receiving an unexpected job offer, especially if it comes from a freemail account like Gmail or Hotmail, but claims to be coming from a legitimate organisation.
People should also be wary about nonexistent or overly simple interview questions and a lack of information about the job itself, or requests to switch to a personal email address or private chat account to discuss the opportunity. It's also worth remembering that if an opportunity seems too good to be true, then it probably is.
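For mail administrators at a university, the warning signs listed above can be turned into a simple triage check. The following is an added example, not Proofpoint's detection logic or code from the article; the function name, rule names, patterns, brand-to-domain map and sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "hotmail.com"}   # providers the article names; extend locally
BRAND_DOMAINS = {"unicef": "unicef.org"}  # assumed brand -> real mail domain map
BODY_RULES = {                            # hypothetical rule names and patterns
    "upfront_payment": re.compile(r"cashier'?s che(ck|que)|\bup[- ]?front\b", re.I),
    "alt_contact_request": re.compile(r"(alternative|alternate|personal) e-?mail|private chat", re.I),
    "form_link": re.compile(r"https?://(docs\.google\.com/forms|forms\.gle)/", re.I),
}

# Constructed sample message, modelled on the UNICEF lure described in the article.
SAMPLE = """From: "UNICEF Recruitment" <recruiter.example@gmail.com>
To: student@university.example
Subject: Executive Personal Assistant (remote)

The role pays $400 for eight hours a week, first payment up front by cashier's check.
Send your name, alternative email address and phone number using this form:
https://docs.google.com/forms/d/e/EXAMPLE/viewform
"""

def job_lure_indicators(raw: str) -> list[str]:
    """Return the names of the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    text = f"{display}\n{msg.get('Subject', '')}\n{body}"
    hits = []
    # A brand is named, but the mail does not come from that brand's own domain.
    for brand, real in BRAND_DOMAINS.items():
        if brand in text.lower() and domain != real and not domain.endswith("." + real):
            hits.append("brand_domain_mismatch")
            break
    if domain in FREEMAIL:
        hits.append("freemail_sender")
    hits += [name for name, rx in BODY_RULES.items() if rx.search(text)]
    return hits

if __name__ == "__main__":
    print(job_lure_indicators(SAMPLE))
```

A message that trips several of these signs at once is a candidate for quarantine or a warning banner; any single sign on its own is common in legitimate mail.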