A new job posting scam found by IT security company Qualysys is focused on capturing victim’s identity details, accessing victim’s Facebook accounts, and committing fraud.
In this new scam, legitimate Facebook advertising is used to post fake work-from-home job ads from several companies. As with most of these scams, victims are directed to a third-party messaging app and are asked to sign a realistic-looking employment contract.
This type of scam has been seen everywhere, including LinkedIn and legitimate career sites, attempting to do everything from infect victims with malware to stealing personal information.
What makes this case particularly notable is the incorporation of an authentic-looking contract, which is a new tactic. This particular scam aims not to infect any devices, but to acquire personal information. The inclusion of a contract lends a sense of credibility, leading victims to willingly submit photos of both sides of their driver's license and to digitally transfer a check from the fraudulent employer for procuring job-necessary software.
In the end, the victim has lost control over their identity and potentially some of the funds in their bank account. This is only because these bad actors intent is not about gaining access to a corporate network; this scam could just as easily taken a turn to infect the victim’s computer with malware.
Regardless of the malicious outcome, staying vigilant of scams like this with new-school security awareness training is imperative so they understand that even when it’s the victim themselves that seems to have initiated the interaction, it really was the scammer that posted the job ad in the first place.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Here's how it works:
