How to spot WhatsApp employment scams and avoid falling victim

Career

According to the police and cyber experts at the NEBRC, criminals are targeting job seekers with WhatsApp employment scams.

The trend sees cybercriminals impersonating organisations by sending fraudulent WhatsApp messages to unsuspecting job candidates. The messages encourage job hunters to unknowingly respond to, click links, download software or share personal information via the app. 

Why are scammers using WhatsApp to target job seekers?

While the ‘job’ applications happen over email, WhatsApp is increasingly being used in business settings and fraudulent messages are often more difficult to spot via the app.

It may be that criminals prefer WhatsApp due to its global popularity and mobile accessibility. Messages are delivered instantly and read quickly, ideal for exploiting time-sensitive situations. WhatsApp’s informal feel can also lower suspicion, and users are often likely to trust messages from known contacts or businesses more readily than emails.

How these job scams work – an example

An anonymous victim whose marketing agency recently suffered such a cyber attack has shared their story to give an idea of how these scams work:

“Earlier in the year, we were alerted to unusual activity relating to our business by a job applicant. Fraudsters had messaged several digital freelancers with a link to a fake job portal, asking them to pay a deposit to secure work with the agency and share financial information. Applicants were told they would be refunded, alongside an additional payment once the work was complete. However, this was a clever plot to steal personal and financial information and no such jobs existed.

“The criminals targeted freelancers across Europe, and after clicking the links and sharing payment details, the applicants eventually sought out and emailed the correct agency contact details, asking where their payments were. 

“Upon receiving these emails, we knew something was very wrong and that we’d been impersonated in a sophisticated cyber-attack. A huge challenge then became finding all those who had fallen victim. We didn’t know who was affected unless they reached out to us directly. Luckily we had an action plan and process in place for any cyber breaches, thanks to our local business resilience center, the NEBRC, and so had support to help navigate the attack.

Despite protective measures, even established companies like a marketing agency can fall prey to cybercriminals exploiting WhatsApp vulnerabilities. Leveraging bulk WhatsApp marketing tools, these agencies enhance both efficiency and communication reach; however, misuse or theft of this technology highlights the importance of secure operational practices to prevent scams affecting unsuspecting job candidates or client reputations.

“I’d strongly recommend getting the message out as soon as you have an understanding about what is happening. We created social media posts, blogs and relevant email comms which highlighted the events which were taking place. This not only meant those who were vulnerable became educated but it seemed to stop things happening. The blog post on our website about “how to spot if it’s really us” and the various channels we communicate on, was an important part of the process.”

How to spot Whatsapp employment scams

Forewarned is forearmed. Here are eight signs of recruitment scams that could leave you at risk. Please be careful if you notice any of these giveaway signs:

  1. Poorly written job adverts
  2. Suspicious contact information
  3. Unrealistic salary
  4. Being asked for money
  5. A job offer without an interview
  6. Illegitimate companies or email addresses
  7. Non-UK web domains
  8. Unsolicited contact from an unknown number

What to do if you’ve fallen victim to recruitment fraud

Worried you may have fallen victim to recruitment fraud? Once you suspect a scam, stop all communication but make note of their details. Do not give any money or further details to the scammers. 

Report the scam to Action Fraud. In the UK, you can report employment or recruitment fraud to Action Fraud on their website, or at 0300 123 2040. Alternatively, you can seek advice from the Serious Fraud Office. Warn ActionFraud of where the recruitment scam can be found.

Business have an obligation to protect candidates

Martin Wilson, Detective Inspector and Head of Student Services at NEBRC notes that responsibility doesn’t just lie with the candidate; businesses have obligations too.

Businesses should put recruitment processes in place which recognise this risk. A written process should exist, which is regularly reviewed and should include a section on any risks to the organisation’s stakeholders and a section in any client contracts.

Failing to plan and respond to a threat quickly and appropriately can cause additional losses and depending on what has happened, the reputational losses may even have the biggest impact.

How to help prevent fraudulent WhatsApp employment scams

Here are Martin’s recommendations for recruiters and businesses to help prevent and protect against fraudulent Whatsapp employment scams:

  • Verification Processes: Implement robust verification processes for all job applications and communications. Verify identities through multiple channels before sharing sensitive information.
  • Official Channels: Use official company channels (such as verified email addresses or company websites) for initial contact and information sharing rather than relying solely on messaging apps like WhatsApp.
  • Educate Employees: Train employees and recruiters to recognise common scam tactics, such as requests for personal information, upfront payment requests, or unusual job offers.
  • Clear Communication: Clearly communicate to job applicants about the company’s recruitment process, including which channels will be used for communication and what information will be requested.
  • Privacy Settings: Encourage the use of privacy settings within WhatsApp to control who can see profile information and contact details.
  • Report and Block: Promptly report suspicious activity to WhatsApp and block suspicious contacts or numbers.
  • Public Awareness: Raise awareness among the public about the potential for WhatsApp scams and advise job seekers to verify the legitimacy of job offers through official channels.
  • Legal Disclaimers: Include disclaimers in job postings and communications, stating that the company does not request sensitive personal information or payments through messaging apps like WhatsApp.

The NEBRC (North East Business Resilience Centre) is a Police-led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.

For further guidance on protecting your business from hiring fraud, contact enquiries@nebrcentre.co.uk. You can also stay up to date with the ever-changing digital landscape and security threats, by signing up for their free core membership.