I know someone who just had an experience and I thought I would share. I’ll name him “Joe” for the sake of this post.
Leading up to the hacking
Due to being layed off a month ago, Joe has been actively searching for a new job. As we know, a lot of these jobs posted are found on sites such as Indeed, Startwire and LinkedIn to name a few. Well just two days ago, Joe found a post on LinkedIn for a “Graphic Designer” position for a company he thought he was a perfect fit for. Looking through the post, he noticed the company was based in Maryland but had an office in Houston where the position was located. Since he lived in Houston he thought he’d go ahead and apply to the job.
The next day, Joe received an email stating the person sending the email was a representative for the company and after reviewing his resume, thought he’d be a great fit for the company. The email consisted of the following:
We received your application for the Graphic Designer position at (company name) and after further review, feel you’d make a great fit for the position. Please respond to this email confirming you’d like to have an online interview tomorrow.”
Excited, Joe responded letting them know he agreed to an online interview. This didn’t seem out of the norm since the company headquarters was based in another state. However, the interview was going to be done through Google Hangouts and the link to be contacted was firstname.lastname@example.org. Joe thought this was odd that it was going to be done through a Gmail account and not an account with the company name. Again, Joe thought it was possible since he’s worked at previous jobs that use accounts not associated with the company.
The first real red flag happened during the interview. In his experience when doing an online interview, it’s usually done through video chat. However, when connected online the person posing as an HR representative explained in the chat session that it would only be chat based without the use of a video. Joe definitely thought this was odd, but again this was only the first step. He was sure it was all part of weeding out unwanted applicants. So he continued.
As the process continued, the questions asked by the supposed rep regarding the position were actually questions you’d normally get for an interview for a graphic design position. As a result of asking the questions, the chat went on for over an hour.
The moment it got really suspicious
After all the questions were asked, the following chat took place.
At this point, Joe felt it was odd to consistently ask to speak to someone but wouldn’t be given an absolute answer. Before sending any information Joe decided to contact the company directly. From the chat message they seemed to have all the information correct about the company but it was odd to be accepted for a position without actually speaking to someone. So once he got the company phone number he decided to call someone or anyone that was an employee of the company. He was soon connected to a “Jennifer” and she explained that it did sound unusual but that the company was going through a lot of busy schedules so it was a 50/50 chance that it was real. She also explained that she was sure they were looking for a graphic designer but wasn’t sure if the position was filled. She then directed Joe to the company HR Director (Josie) and gave Joe her direct phone number. He called and left a message and within minutes was called by Josie. Joe explains that he was contacted by someone from the company but thought it was odd to have an interview done by chat. After reviewing all the information, Josie was surprised as to how much information about the company was correct from the name of the people contacting Joe to the address of the company and even the position of the graphic designer position needing to be filled. However, the position had just been filled a week ago and the names given were employees of the company but wouldn’t have any part of the hiring process. Both shocked, Joe decided to send Josie screenshots of the chat conversation and forward all emails sent to Joe by the supposed rep of the company. Josie explained she would send all the information to the company IT Department as well as the FBI for further investigation.
Why hackers target people looking for work
Well after speaking with Joe, he was confused as to why he would even be a target. I had to explain that it was all part of the process to seem like a legitimate company to get his bank information. And they would have gotten it once they offered to pay by direct deposit. These days, hackers are going through great lengths and taking their time to intercept people’s banking information because they won’t drain your bank account at once. They’ll slowly do it without you knowing and when they realize what your spending habits are, they will know how to continually pay themselves without you knowing. Longterm and if they do this to multiple people can have themselves a very lucrative bank account themselves without having to work for it.
Tips to know you’re being targeted
- Interviewing you without meeting you
- Remember, they have done their research to sound very legit so just because the name of the company, location of the company and using names people working for the company may all sound correct, it doesn’t mean they are real.
- Hiring you without meeting you
- Asking for personal information without going through a more formal process.
- Wanting to connect with you only through email for work.
- Not wanting to use video chat
What to do if you think you’re being targeted through email
If you think you’re being targeted, and you’re using a Gmail Account; here is what you do. At the top right of the email received, there are three dots. Click the dots and a drop down menu will appear. In the drop down list, click on “Report Phishing”. It all sounds simple but Google will handle it from there.
If you are currently searching for a job online, be careful with the emails you get and keep in mind what to look for to make sure you don’t become a target.