Protect Your Company from Job Recruitment Scams and Phishing Schemes

Your company’s talent is its lifeblood. Job postings for qualified individuals and other recruitment activities are vital to its operations. What happens, then, when scammers conduct phishing schemes to trick individuals into applying for nonexistent jobs you didn’t post with the objective of stealing their personally identifiable information (PII)? In today’s age of remote work and virtual hiring, the impersonation of companies in job recruitment scams has become increasingly prevalent. It can be difficult for jobseekers to recognize a recruitment outreach as a scam, particularly when they’re highly interested in the opportunity. Therefore, it’s essential for companies to take proactive steps to mitigate or stop the potential for harm from these ever-evolving schemes.

Report Dubious Job Listings

One of the most straightforward and immediate actions your company can take to combat job recruitment scams is to report fraudulent job postings. Job websites typically have mechanisms for reporting such unauthorized listings. Submitting a takedown notice could be your fastest, easiest, and least expensive method to remove an unauthorized job posting. However, be prepared for the possibility that multiple follow-ups and outreach to in-house counsel at these websites might be required to ensure complete removal.

The importance of reporting fraudulent job postings cannot be overstated. Not only does it prevent further deception of potential candidates, but it also helps maintain the integrity of your company’s reputation. Taking the time to report these listings demonstrates to both jobseekers and other stakeholders that your organization is vigilant and takes such threats seriously. Employment scams not only tarnish a company’s image but also have long-lasting impacts on individual victims who may lose money, personal data, and trust in legitimate hiring processes.

Post Cautions on Career Pages

Another effective strategy for protecting both your company and jobseekers from scams is to place a disclaimer on the career portion of your company’s job webpage. This disclaimer should notify applicants that scammers may try to contact them using your company’s name and branding. You should clearly outline that if candidates are not contacted through specified, verifiable channels, the recruitment may not be legitimate. This is an excellent opportunity for your company to speak directly to job applicants, educating them to be vigilant and cautious.

Additionally, including a contact email address or a form for job applicants to verify the legitimacy of a job posting or communication can be extremely helpful. Applicants can use this resource to directly reach out to your HR department to confirm whether a job offer they’ve received actually originated from your company. This step adds another layer of security by allowing candidates to validate their job offers, reducing the chances of them falling prey to scams. By empowering jobseekers with the tools and knowledge they need to protect themselves, your company can significantly reduce the impact of fraudulent activities.

Send Alerts to Domain Name Managers and Hosts

Scammers can cheaply register domain names using your company’s trademarks, creating a significant challenge for maintaining the integrity of your brand. In addition to creating fake email addresses from fraudulent domains, scammers may also develop fraudulent websites that imitate your genuine site. These deceptive tactics make it difficult for consumers to discern your company’s legitimate domains from the fake ones. Consequently, it’s crucial to send alerts to domain name registrants, registrars, privacy shields, and website hosts, notifying them that the domain is unauthorized and incorporates your company’s protected intellectual property.

Notifying these entities serves as a basis for requesting action against the fraudulent domains. While scamming registrants are unlikely to respond, the hope is that registrars, privacy shields, and/or website hosts will unmask the registrants, allowing you to locate the individuals behind the scam. Unfortunately, these intermediaries aren’t obligated to disclose the registrants’ contact details and often implement a balancing test to decide whether to release this information. Often, their response will be a denial coupled with a suggestion that your company file a complaint under the Uniform Domain Name Dispute-Resolution Policy (UDRP). Nonetheless, sending alerts is a critical step in identifying and mitigating fraudulent activities associated with your brand.

File a UDRP or URS Complaint, or Pursue Legal Action

When scammers persist despite initial measures, it may be necessary to escalate the issue by filing a UDRP (Uniform Domain Name Dispute-Resolution Policy) or URS (Uniform Rapid Suspension) complaint. These complaints are trademark-based domain name disputes initiated before an arbitrator and assert that the registrant has registered and is using a domain in bad faith. If your company wins a UDRP complaint, the registrar can cancel, suspend, or transfer the domain to your company, effectively thwarting the scammer’s initial efforts.

Alternatively, your company can use the URS system, a rights protection mechanism that complements the UDRP by offering a faster, more cost-effective relief path for clear-cut infringement cases. The key difference between a UDRP and a URS proceeding is that the former typically awards transfer of the domain registration outright, whereas the latter only suspends the domain for the remainder of its current registration.

However, even if a scammer loses a UDRP or URS proceeding, they can easily register another domain name to continue their scheme. Despite this, being aggressive in fighting back by consistently filing these complaints puts scammers on notice that your company won’t tolerate misuse of its trademarks and other intellectual property. In extreme cases, your company can file a lawsuit and tender the registrar with a court order or subpoena requiring disclosure of the registrant’s information. While this can be an expensive and lengthy process, it provides a legal recourse to identify and hold perpetrators accountable.

Establish and Maintain Internal Protocols

Implementing and maintaining internal policies and protocols is crucial to ensuring your company stays ahead of recruitment scams. One effective protocol is to keep track of where jobs are posted and periodically monitor the Internet to ensure your job listings don’t appear on unauthorized websites. Your communications team should be prepared with specific verbiage should jobseekers reach out to clarify whether a job posting is fraudulent. These communications should include requests for the scammer’s communications and methods—such as email, job website, other website, social media, or mobile app—and guidelines on how to report the scam to authorities like the Federal Bureau of Investigation (FBI) and the Federal Trade Commission (FTC).

Additionally, your company should have procedures in place to report any potential scams to in-house or outside counsel so that further steps can be taken promptly. Proactively preparing for these scenarios not only helps in mitigating risks but also ensures that your company can respond swiftly and efficiently when fraudulent job postings or phishing schemes are discovered. A well-defined protocol can be the difference between quickly neutralizing a threat and letting it spiral out of control.

Order Domain Name Monitoring and Proactively Register Domains

To stay vigilant against potential scams, numerous watch platforms allow companies to monitor new domain name registrations for potential trademark infringement. By actively tracking these registrations, your company can identify issues before scammers have the chance to contact unwitting jobseekers. Early detection through domain name monitoring enables your organization to take timely action, potentially avoiding much of the damage caused by fraudulent activities.

In addition to monitoring, companies should consider proactively registering certain domain names to prevent scammers from leveraging them for job cons. This involves securing various domain names across multiple top-level domains and in different grammatical formats that scammers could exploit. By holding these domains, your company can effectively block potential scams, further safeguarding both your brand and prospective employees from malicious tactics.

Report the Scam to Authorities

Your organization’s talent is its lifeblood, and attracting qualified individuals through job postings and recruitment activities is crucial for its success. But what happens when scammers hijack this process? These deceitful actors often conduct phishing schemes, creating fake job listings with the aim of stealing personally identifiable information (PII) from unwitting applicants. As remote work and virtual hiring become more common, the impersonation of legitimate companies in recruitment scams is on the rise. Jobseekers, eager for opportunities, can find it challenging to discern between legitimate offers and fraudulent ones. This growing issue necessitates proactive measures to protect both your company and potential candidates from these ever-evolving threats.

One effective measure is to regularly update your company’s official career page and clearly communicate that all legitimate job postings will be listed there. Educate jobseekers about common red flags associated with recruitment scams, such as requests for sensitive information early in the process or offers that seem too good to be true. Additionally, implementing robust cybersecurity protocols to monitor and report fraudulent activity is vital. By staying vigilant and informed, your company can help safeguard its reputation and protect potential employees from falling victim to these malicious schemes. The responsibility lies not just in filling positions but in ensuring that the recruitment process remains secure and trustworthy.

Explore more