By Daniel Farber Huang
July 1, 2020
Desperate times. Desperate measures.
Everyone is feeling the pinch, or more likely the punch, of the paralyzed economy. What’s more, the rapidly swelling 2nd wave of COVID-19 (with possibly even a 3rd wave in the future) means many people’s financial security will only grow both weaker and bleaker. If you or anyone you know is among the 40 million currently unemployed (or one of the even-harder to quantify underemployed) be very aware of potential job scams trying to take advantage of you and steal your money.
In his concise yet highly-informative book The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime, Scott E. Augenbaum sheds light on job scams that target a broad swath of today’s job seeking population: people who desire to work from home.
The Secret to Cybersecurity was recently published in pre-COVID 2019. Augenbaum, a former FBI Supervisory Special Agent in the Cyber Division, Cyber Crime Fraud Unit at FBI Headquarters in Washington D.C., considered typical “work-from-home” job-seeking candidates to be college students, stay-at-home mothers, and the elderly. One can only assume today’s work-from-home pool of candidates is maybe ten times, maybe a hundred times, larger. The lessons (actually, the warnings) are even more applicable today than last year given the severe difficulties many unemployed or underemployed are now facing.
Three common scams include the Accounts Receivable Clerk, the Funding Manager (my description of the job), and the Reshipper. Keep in mind, criminals are prolific when it comes to crafting variations on a theme, so nefarious actors can easily tailor one line of scamming to something that can look very different but still has the same goal of taking advantage of the job applicant.
The Accounts Receivable Clerk
In this scam, the victim either applies for or gets recruited as an accounts receivable clerk for a nonexistent company. The new employee’s job is to receive AR payments by ACH or wire transfers into (here it comes...) their personal account, and then the employee is instructed, according to Augenbaum, to wire “about 90 percent” of the proceeds to the company’s bank account or perhaps via Western Union. The employee keeps a generous 10 percent commission, that is, until law enforcement knocks on their door for money laundering.
The funds in question are often stolen from legitimate companies that did not employ two-factor authentication in their operations (which will be discussed in a future article).
The Funding Manager
In this scam, the cybercriminals send fraudulent checks to their new employees (otherwise known as “mules”) and ask them to deposit the checks into their accounts.
“After taking a certain percentage of the money, the mules transfer the rest to the criminals’ accounts. A few days later the mules will learn the checks weren’t real and that they actually sent their own money to the crooks,” Augenbaum said.
The bad guys in this operation recruit people through Craigslist, Monster.com, and other local message boards. The new employees are hired by what looks like a legitimate shipping company to receive packages (usually filled with expensive goods - computers, phones, and the like), open the packages, inspect the items and then send the merchandise to another address as instructed by the company. To keep the employee honest, the company has them fill out a job application with their personal information, including Social Security number, date of birth, and bank routing and account information.
A few things to note here: the merchandise is usually purchased with stolen credit cards and the final destination address is usually overseas (Augenbaum notes West Africa and Eastern Europe are popular). And the scammer has also taken your personal and banking information.
Most real companies are suspicious when expensive items are purchased to be shipped overseas, so from a criminal’s standpoint having that stolen iPhone(s) sent to Ohio or Maine is so much easier. To further pour salt in a wound, mules are sometimes paid with worthless, counterfeit checks. Some mules get overpaid, and send their bad guy employers the difference, which turns out to be the victim’s own money. And, once again law enforcement will come knocking on the door of the “employee” who received and accepted thousands of dollars of stolen goods.
Unfortunately, each of the above jobs appears, on face value, appealing, attractive and likely the answer to a desperate job-seeker’s prayers. In our post-COVID connected yet incredibly disconnected world, it is even more critical to question and investigate potential employment opportunities.
In The Secret to Cybersecurity, Augenbaum advises job seekers to:
Never accept a position that requires depositing money into your bank account and then wiring it to different accounts. In nearly every case, you’ll be laundering money.
If a job description includes poor use of the English language, including grammar, capitalization and verb tenses, it’s more than likely a scam. Many of the cybercriminals who send these types of emails are not native English speakers.
Never provide credentials of any kind, such as bank account information, Social Security number, usernames, passwords or any other personally identifiable information in response to a recruiting email.
Before accepting a position, ask for a job interview by phone, video conference, or preferably in person. If the only job interview occurs via email or text messaging, it’s probably a scam.
Research your potential employer before accepting a job. Search the internet and other resources to determine whether or not you’re interviewing with a legitimate company. Ask for its website address and physical address. Check online business complaint sites, social media and the Better Business Bureau.
It was hard enough to avoid the boundless, shameless creativity bad actors would implement to take advantage of the vulnerable before COVID. It’s even harder now.
Note: Some of the links above are affiliate links, meaning, at no additional cost to you, Paradigm Crunch will earn a commission if you click through and make a purchase.