How to spot job scams that leverage social engineering

By Megan Barker

From fake job postings to fake candidates, it’s clear the job market has changed in the past few years. Finding a job ad that sparks your interest is now only half the battle — the other half is making sure it’s not a scam.

I see three or four LinkedIn posts about job searches and applications gone wrong every day. I’ve read tales of recruiter impersonations, postings for roles that don’t exist, and ads that demand money in order to apply. Sometimes these scams even warrant news coverage due to their reach or shock factor.

Job market scams certainly aren’t a new concept, but they’ve definitely become more sophisticated. Fake LinkedIn profiles are more convincing, phishing tactics have matured, and AI can be used to fake… just about anything — from recruiters’ voices to entire videos.

While some recruiting scams are easy to spot, others can fool even the most experienced sleuths. If you’re finding it difficult to sift through the noise (and retain your faith in humanity), join us as we take a crash course on security-savviness in today’s job market.

Why recruitment scams work

Social engineering (very) broadly refers to tactics that exploit human nature for fraudulent purposes. And that’s exactly what offenders use to execute recruiting scams.

These cons are effective for a few reasons. Often the people who fall victim to job scams have been searching for a new role for quite some time. They may be longing for a piece of good news, which makes them more likely to take a risk on any opportunity, even one that seems too good to be true.

Attackers are smart and do their homework before launching a new scam. They know just how competitive the job market can be, and how many people typically apply for the same position. Criminals use this information to create a sense of urgency and pressure you into making a poor decision. For example, a fake recruiter might tell you to hurry because their (non-existent) company has already received a few thousand resumes and will soon stop accepting applications.

Whether it’s vulnerability or our innate desire to trust one another, social engineers use human nature for their own personal gain. But information is power, and if you know what to look for, you’ll be much better equipped to spot a scam.

How to spot a recruitment scam

Let’s start with the basics: There are many job ads and applications out there designed only to phish or otherwise take advantage of you. Here are a few signs to watch for.

Requests for money or personal information

No reputable employer will require money in exchange for candidacy. If you see a posting that requests money, directs you to a payment portal, or asks for your credit card information to “start the application process,” report the posting (if you’re on a platform that allows reporting) and avoid interacting with the purported company.

Likewise, if an initial application form seems overly intrusive — perhaps it requests your SSN/SIN or similar personally identifiable information — trust your gut. It’s likely a fake job posting designed to gather your personal information. Employers require that kind of data for payroll and other HR functions, and should only need it after you’ve interviewed successfully (for a background check, if you agreed to one) or after you’ve signed a formal job offer.

There are also more subtle ways you can be tricked.

Unsolicited messages or calls

Be on the lookout for fake offers sent via text, iMessage, WhatsApp, and LinkedIn. When (not if) you receive a message from a recruiter, play detective before you engage. Get your Sherlock Holmes on.

Job scams aren’t unique to the internet either. If you receive a phone call from someone claiming to be a recruiter or hiring manager, there are signs to look for before you even begin to investigate the company or role.

Visit the company’s online career page to see if the role is posted. Many companies have callouts on their recruitment pages that warn of active scams, and will include information about where they post, who will contact you for an interview, and other specifics about their hiring process. If you’ve never heard of the organization, search sites like Glassdoor and Trustpilot to get a sense of how (and if) the company operates.

If you’re still wary, search for a LinkedIn profile. Was the recruiter’s profile established very recently? Do they have minimal connections? Do they follow or interact with the company they claim to work for? If they’ve provided an email address, does the domain match the company’s website exactly? Look at the actual address rather than the display name, and watch for look-alike domains: swapped letters, an extra word, or the real domain followed by something else (company.com.example.net is not company.com). In general, look for red flags that indicate your recruiter may not be who they say they are. As exciting as prospective opportunities can be when you’re hunting for your next role, it’s important to do your homework first.

Urgency or a lack of information

Notice if the caller is trying to create a sense of urgency. Legitimate talent acquisition specialists will always give you an appropriate period of time to consider and accept (or decline) an offer of employment. While there are some things recruiters and talent acquisition folks can be legitimately (and frustratingly) cagey about, they should answer basic questions about the role, requirements, expectations, and what the company does. Ultimately, your hiring manager should offer to answer pretty much any question you have before you actually sign on the dotted line.

This is not an exhaustive list nor does it address the types of fake ads that, while not social engineering scams, will disappoint you all the same. But it will give you a good idea of those red flags to watch for as you navigate the modern job market.

How to find 1Password job vacancies

As 1Password grows and expands, we want to do our part to ensure applicants interested in working with us don’t become victims of a scam. Here’s where to look and what to watch for if you’re applying to 1Password.

Geographic locations

At this time, our roles can only be filled by people living in Canada, the US, the UK, or the Netherlands.

Sources

We post open roles on our website, LinkedIn, and Indeed. And while there are websites that scrape and aggregate postings in order to promote to specific audiences, the links should always lead back to our official careers website.

Content

1Password job postings follow a very consistent format. They start with an introduction to the company, followed by the role description. Our ads also include headers like “What we’re looking for,” “What you can expect,” and “What we offer,” as well as accommodation and privacy information.

Application form

When you apply for a 1Password role, you’ll be asked to complete an application form on our recruitment platform. The URLs of real 1Password applications begin with jobs.lever.co/1password. Check the hostname itself, not just whether those words appear somewhere in the link: a scammer can put jobs.lever.co in the path of a site they control, or register a look-alike such as jobs.lever.co.example.net.

An example of a legitimate 1Password job application form.

Process

You’ll receive an email acknowledging your application. Our Talent team will review your submission and reach out if you’re selected to move forward in the process. Emails from your recruiter will come from an address with a domain that belongs to 1Password (@1password.com or @agilebits.com). Check the sending address itself rather than the display name, which any sender can set to whatever they like, and make sure the domain is exactly one of those two rather than something that merely starts with them.

If you see a 1Password job ad that contains completely different content, receive an email from someone claiming to be a 1Password recruiter that’s not from a 1Password/AgileBits email address, or find some other fraudulent 1Password posting or application, report it to us at nextbit@agilebits.com.
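The two checks above (the application URL in the “Application form” section and the sender address in the “Process” section, which is the same domain check the “Unsolicited messages or calls” section asks you to do for any company) are easy to get wrong by eye because a scammer can make the legitimate text appear inside a link or a display name. The following is an added example, not code from this post or from 1Password, that does both checks on the parsed hostname and the parsed address instead of on the raw string. The legitimate values (jobs.lever.co/1password, @1password.com, @agilebits.com) are the ones the post gives; the sample URLs and From: headers are constructed for illustration, and insisting on https and on 1password being the whole first path segment are this example’s own choices, not something the post states.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Legitimate values as published in the post: the application URL prefix and
# the two e-mail domains 1Password recruiters send from.
APPLICATION_HOST = "jobs.lever.co"
APPLICATION_PATH_SEGMENT = "1password"
RECRUITER_DOMAINS = {"1password.com", "agilebits.com"}


def naive_looks_legit(url: str) -> bool:
    """The check people do in their heads: does the legit prefix appear in
    the link?  Kept here only to show why it is NOT enough."""
    return "jobs.lever.co/1password" in url


def is_legit_application_url(url: str) -> bool:
    """True only if the parsed hostname is exactly jobs.lever.co and the first
    path segment is exactly 1password.

    Parsing the URL instead of scanning the raw string defeats the usual
    decoys: a look-alike host (jobs.lever.co.example.net), the real host
    hidden in another site's path (example.net/jobs.lever.co/1password), and
    the real host placed in the userinfo part (jobs.lever.co@example.net).
    Requiring https is this example's own choice (assumption), not something
    the post states."""
    url = url.strip()
    if "://" not in url:
        # The post quotes the prefix without a scheme, so accept a bare
        # "jobs.lever.co/..." by assuming https.
        url = "https://" + url
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if (parts.hostname or "").lower() != APPLICATION_HOST:
        return False
    # parts.path is "/1password/..." for a real posting; take the first
    # segment and compare it whole, so "/1password-careers/..." does not pass.
    first_segment = parts.path.split("/")[1] if parts.path.startswith("/") else ""
    return first_segment == APPLICATION_PATH_SEGMENT


def is_legit_recruiter_address(from_header: str) -> bool:
    """True only if the actual address in a From: header (not the display
    name, which any sender can set freely) has a domain that is exactly
    1password.com or agilebits.com."""
    _display_name, addr = parseaddr(from_header)
    if not addr or addr.count("@") != 1:
        return False
    local_part, domain = addr.rsplit("@", 1)
    return bool(local_part) and domain.lower() in RECRUITER_DOMAINS


if __name__ == "__main__":
    # Constructed samples for illustration; none of these are real postings.
    sample_urls = [
        "https://jobs.lever.co/1password/abc123",           # legitimate shape
        "https://jobs.lever.co.example.net/1password/abc",  # look-alike host
        "https://example.net/jobs.lever.co/1password/abc",  # decoy path
        "https://jobs.lever.co@example.net/1password/abc",  # userinfo trick
    ]
    for u in sample_urls:
        print(f"{u}\n  naive={naive_looks_legit(u)}  parsed={is_legit_application_url(u)}")

    sample_senders = [
        "1Password Talent <talent@1password.com>",
        "1Password Talent <talent@1password.com.example.net>",
        '"talent@1password.com" <jobs@example.net>',  # spoofed display name
    ]
    for s in sample_senders:
        print(f"{s!r}: {is_legit_recruiter_address(s)}")
```

The decoy-path sample is the instructive one: the raw-string check accepts it because the legitimate text is present, while the hostname check rejects it because the link actually goes to example.net. The same applies to the spoofed display name, which shows a 1Password address to the reader while the message is sent from somewhere else.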

How to be realistic

I don’t expect you to launch a full-scale investigation every time you see an interesting vacancy — just to remain cautious and skeptical.

If you’re not sure whether a job posting is legitimate, ask a friend, partner, or family member to weigh in. If they also notice something is off, your first instinct was probably correct.

Keep these tips in mind (or bookmarked in your browser!) as you hunt for your next role. And bottom line: Stay alert, but don’t let fear prevent you from searching for your dream job.

Good luck — we’re rooting for you!

Megan Barker - Security Scribbler