Employment Scams

There is an observed increase in employment scams. Scammers advertise fake employment opportunities through the same avenues legitimate employers use to seek talent, such as legitimate job boards. Within the last week, at least two identified employment scams were associated with a NJ medical facility that fell victim to a cyberattack and subsequent breach last year.

Victims reported that these scams impersonated various departments and legitimate individuals, including recruiters, talent acquisition, human resources, and department managers. The scammers contacted the victims via LinkedIn regarding a work-from-home position, conducted interviews, and began communicating in non-traditional channels. In one instance, a fraudulent check payment was sent to the victim to establish a home office in order to establish credibility so the victim would complete hiring documentation and provide sensitive personally identifiable information (PII). In another incident, the scammer sent funds to set up a home office using a peer-to-peer mobile payment app, then asked the victim to purchase gift cards and provide the codes to the “equipment supplier.” The gift card codes were sent to the scammer instead.

 Job seekers should examine potential offers by contacting the human resources department directly via official contact information and conduct research online to determine if others have reported a scam before responding or providing sensitive information. Report the scam directly to the posting job board and the Federal Trade Commission and, in the event of theft or PII compromise, contact your local law enforcement department.

T-Mobile Scam

T-Mobile customers are being targeted with a new SMiShing campaign. Like a recent SMiShing campaign targeting Verizon Wireless customers, the message thanks the recipient for paying their bill and includes a malicious link to accept a free gift. The message, however, is sent via group text that includes a number of random recipients and was sent to the targets dozens of times over the course of three days. Customers were unable to block the unwanted messages since they were sent via group text. Customers were likely targeted, in part, due to past breaches that affected T-Mobile and exposed various types of sensitive information.

T-Mobile users should navigate directly to official websites and avoid clicking links delivered in SMS text messages from unknown contacts. Additionally, refrain from providing sensitive information to unverified websites. Text-based scams can be reported by forwarding to 7726 (SPAM). T-Mobile provides online safety recommendations on its education and resources webpage.

The Phone Eavesdropping Scam

Threat actors are using a new scam call tactic known as the Eavesdropping Scam to call potential victims from an unknown number and convince them to call back. Since most unknown numbers are not answered, the scammers rely on leaving vague voicemail messages, pretending to discuss the potential victim, and claiming “I’m trying to get ahold of them right now.” The content of the voicemail message entices the victim to call back, at which point they are subjected to further scams, especially offers of fraudulent tax relief services. The scam avoids most call protection services because it uses legitimate numbers, the call appears to be personal despite being a robocall, the vague voicemail content does not use common fraud-related keywords, and the target initiates the return call. The sudden increase of this tactic indicates it will likely become prevalent.

Users should refrain from answering unexpected calls from unknown international or unusual numbers, or returning calls received from unknown or suspicious numbers. Recipients are advised to hang up immediately upon callback if they hear an odd message. If there is a sense of urgency or pressure, it is likely a scam. Users are encouraged to explore and implement call-blocking options and to check or delete voicemail messages on another phone from unknown or suspicious numbers.