Work From Home Scams Are on the Rise—Here’s What to Know
When Tracy Alcaide received an Indeed.com message from a recruiter in September 2022, she was excited. A graphic designer by trade, Tracy was wrapping up a software bootcamp for UI/UX development and wanted a job where she could apply her new skills.
The role on Indeed sounded perfect—except for the fact that it wasn’t real.
“I looked it up on LinkedIn, and there it was,” Tracy tells me over a Zoom call. “It was the same job, the description was exactly the same. It was the same recruiter with the same [profile] photo. So of course I thought it was legitimate.”
The would-be recruiter also claimed to work for a reputable company—Lids, an Indianapolis-based retail spot for hats and official sports merchandise. The company’s official LinkedIn page features a recruitment scam warning, but at the time, Tracy thought the recruiter seemed safe.
Tracy says she’s a trusting person, but the first detail that tipped her off that the job was a potential scam came in the form of a Skype chat job interview. This seemed odd, but then again, the bootcamp she went to also used Skype for chat and video calls. She went forward with the interview.
The recruiter started with fairly standard questions but quickly progressed into what Tracy describes as very good, very detailed questions about the role. So good, in fact, that Tracy started taking screenshots of her answers to practice for future interviews.
As she reads the transcript of the interview back to me, it’s clear that this is when the interview took a sharp turn into scam territory. The impersonator started asking Tracy questions like, if hired, how she’d like to be paid and what bank she uses so he could “…see if it tallies with the company’s official salary payment account that is needed for documentation.”
Tracy was smart to say she’d provide that information after getting hired, which the recruiter said was fine. But after she answered the last of his questions and provided her professional references, the chat went quiet.
It wasn’t until she sent the imposter recruiter a thank-you email that she realized his email address domain spelled Lids with an extra S. Tracy had been scammed.
The rise of the work from home scam
Job offer scams like this aren’t new, but the pandemic-driven trend towards remote work was like throwing rocket fuel on a flame. With millions working from home, recruiters doing cold outreach to fill remote jobs quickly became normal, making it that much easier to trick people.
The FTC issued a consumer alert about work from home scams in May 2022, and they’re still an active threat to job seekers.
The scams usually go something like this:
- A scammer posing as a recruiter reaches out through a trusted job site like Indeed or LinkedIn
- The scammer sets up an interview—usually via text chat through a channel like Skype or Teams
- A convincing job offer is extended
- The scammer then comes up with some far-fetched excuse that requires the victim to send money, or they steal personal information through bogus onboarding paperwork or a background check
For less technical and more junior-level roles, these scams are usually as straightforward as what I described above. But when it comes to higher-level technical roles like cloud engineers, work from home scams can be much more elaborate.
Deepfake technology makes scams harder to spot
On June 28, 2022, the FBI issued a public service announcement warning businesses of scammers using deepfakes and personally identifiable information (PII) to apply for remote jobs.
According to the announcement, the FBI saw an increase in complaints from businesses reporting that scammers were using stolen PII to apply for jobs and then using deepfake videos to impersonate that person in video interviews. Using similar tactics, scammers can also pose as recruiters targeting job seekers.
Al Pascual is Senior Vice President of Enterprise Risk Solutions at Sontiq, an identity security company that helps businesses and individuals better assess their identity theft risk. He says recruitment scammers are already employing deepfake technology to prey on tech job seekers.
“Let’s say I’m an employee and I’m a little bit hesitant because one of the telltale signs [of a scam] is that someone reaches out to me for a job I didn’t apply for,” Al says. “So I may say, ‘Y’know what, is this even real? Let me look this person up on LinkedIn.’ Well, they do a little bit of research, right? They’re real. They’re a real person. And so now they’re like, ‘Well, you know, this is a real person, this is coming from the right kind of source—and then they get on a video call and it’s them? It’s over, man. It’s game over. They’re gonna give up everything.”
Similar to the way hackers use spear phishing attacks to target specific key individuals, work from home scams can also be used as a way to infiltrate the systems of the victim’s current employer.
“But, you know, even if you don’t take the job, the fact that you’re communicating and having this back and forth increases the likelihood that you give them the chance to gain access to your system,” Al says. “Clicking on the wrong link, visiting a site—not even downloading anything. You’re none the wiser until IT says, ‘We found a problem and traced it back to you. How did it start?’ And you say, ‘Well, I was talking to a recruiter.’”
How to protect yourself from work from home scams
With such sophisticated tactics, you might be wondering if there’s anything you can do to protect yourself. Thankfully, you can still spot scams thanks to some seriously unsophisticated moves that cyber criminals tend to make like:
- Creating a false sense of urgency
- Asking for sensitive information too early in the interview process
- Asking you to send money
Al Pascual recommends at least three different ways you can protect yourself from scams:
- Watch for urgency. If a recruiter reaches out and is practically offering you a job you never applied for, be wary. Pay attention to what the hiring process looks like and how fast it moves. If someone is asking you to undergo a background check before you’re even hired, they’re trying to scam you. If you receive an offer within one day or a few hours of an interview, it’s too good to be true.
- Go out of channel. If someone claiming to be a recruiter reaches out, do some homework. Because it’s relatively easy to impersonate someone using publicly available information, don’t rely on looking them up on LinkedIn. Instead, email the company the recruiter claims to represent through their official website and verify if the request is legitimate. Don’t just check to make sure the job is posted on the company’s website—a scammer could easily just copy and paste the wording into a bogus job post.
- Be a pain. If someone uses deepfake videos in a video interview, they did some preparation ahead of time. If you can follow up to ask questions and try to get them back on a video call, you can potentially catch them in a lie.
I also spoke via email with fraud expert Frank McKenna, who writes the FrankonFraud blog. Frank has similar recommendations to those above, but with two important additions:
- Trust your instincts. 50 percent of people being scammed know they are probably being scammed but go through with it anyway.
- Never send money. It’s a job. They are supposed to pay you. If you ever find yourself sending your employer money or gift cards or CashApp transfers—stop. You are probably being scammed.
As someone who unfortunately experienced a work from home scam firsthand, Tracy Alcaide from the beginning of this article also has some advice.
“I would just say watch out for the details,” she says. “Be cautious. Don’t give anybody your financial information.”
What to do if you become the victim of a scam
If you find yourself the victim of a work from home scam, first of all, don’t be too hard on yourself. It’s natural for many scam victims to feel ashamed or embarrassed, but don’t let this stop you from reaching out to get the help you need.
Assess the damage and take action
If you gave away financial information, notify your bank right away. If you gave away personally identifiable information like your social security number, consider freezing your credit and set up identity monitoring with a trusted identity security company.
If you were scammed while using a company computer, notify your employer’s IT department right away. It’s possible the scammer wanted information from your work computer to help them pull off a bigger security breach.
Contact relevant parties, including law enforcement
It might be too late for them to be able to help much, but you should still report the scam to law enforcement. Even if they aren’t able to help, your report helps them keep accurate statistics of internet crimes to keep people informed and on alert.
Finally, consider alerting the person or company the scammer impersonated. They won’t be able to do anything for you, but they can issue alerts to warn other job seekers of scammers posing as them.
Don’t let the scammers get you down
Tracy revisited her pseudo-Skype interview weeks later, curious to see if the profile was still active. To her surprise, the scammer appeared to be using the same account but with a new name and a different profile picture.
A quick reverse image search online showed the scammer’s profile picture was actually a real photo of a local news anchor in Louisiana. They were at it again with a new scam.
You may not be able to completely avoid scams, but you can at least prepare yourself so you know what to look for and what to do if you fall prey to one. Working from home can be life-changing, so don’t let the fear of being scammed stop you from pursuing legit WFH opportunities.
The #1 platform for cloud jobseekers
Create your Nerdly profile today, and join a rapidly growing community of the best cloud professionals on the market.
Whether you’re a developer looking to expand your programming literacy or a recruiter writing a job post or prepping for an interview, understanding the differences between C++ and Java is important. Read on to learn more about what makes these programming languages...
Having a solid DevOps engineer resume is a crucial first step to landing your next (or first) job in your DevOps career. While an application should also include a cover letter and your portfolio, the resume is usually your first chance to impress recruiters. Here’s a...
Apart from your cover letter, a resume is your first impression to most recruiters—and you want to make a good first impression. Whether you’re a seasoned cloud engineer looking to spruce up an old resume or writing one for the first time, here’s some guidance to get...