This time of year, people often seek extra work opportunities to make some spare cash. Job applicants flock to websites to find employment. This also attracts scam artists who impersonate legitimate companies to hook victims. While a variety of phishing schemes use imitation to provide a look of legitimacy to the scam, one of the more common scams that we have seen is use of a fake job posting.

The fake job posting lures an applicant into sending personal information to the phishing entity. Or the “job” might consist of the applicant receiving a large check to deposit into a personal bank account and then writing checks from that account to pay “invoices,” all of which are fake. Only after the large check bounces and the personal checking account is emptied does the applicant realize it’s a scam. 

To give the job posting a legitimate appearance, the phisher often uses the employer’s trademarks and logos and often impersonates a company officer or employee. The phisher will generate emails that appear to be coming from the real employer by registering confusingly similar domain names and sending emails from those domains. Often the phisher will use misspelled versions of a legitimate domain name or add nondistinctive elements such as .corp, .co or .ltd to create a confusingly similar domain.

In more sophisticated scams, the domain will be used to set up a website that again uses the employer’s trademarks and logos, and it often includes copyrighted images and text lifted from the employer’s actual website to dupe victims into believing that they are dealing with the actual employer.

All of these activities implicate intellectual property rights and require swift action. For example, when copyrighted material is used, notice and takedown provisions of the Digital Millennium Copyright Act are available to demand that internet service providers remove infringing material. Confusingly similar domain names registered in bad faith may be transferred through an ICANN dispute resolution action. It is also important to write to the job posting sites to have them remove the ads, report the scam to law enforcement, notify potential victims and repair the client’s goodwill.

While litigation is also available, few of the scam artists provide accurate information when they register domain names, instead hiding behind fake names, addresses, emails and stolen credit cards.

From a proactive standpoint, we implement defensive domain name registration strategies to limit the opportunities for the phisher to obtain a confusingly similar domain, and we monitor newly filed domain names. We also recommend active monitoring of job sites to spot potential scams. Overall, these efforts encourage the scam artist to take a path of lower resistance by choosing a less vigilant and active target.

While this article speaks to the fake job posting scam, these techniques may be used with a variety of scams. A key component in effectively mitigating the harm from these scams is early detection. Any proactive strategy should include educational materials to help identify and report “phishy” activity. If you have any questions about addressing scam activity, please contact us.