In today's job market, the allure of remote work has become increasingly enticing. However, companies have started to shift away from remote work post-pandemic and are requiring more in-person or hybrid for employees. Combine that with the downsizing companies are going through at this time and job scams are going to pop up on a more regular basis. Recently, I got the above text from a “recruiter.”

While this might seem like a great opportunity it’s a scam. A job offer does not typically come over text nor does it happen without an interview. This is a path to getting personal information, financial, or drawn into the scam ecosystem as a money mule.

The Scam: Too Good to Be True

The scam typically begins with an unsolicited message from an individual claiming to be "Emily," a customer service agent at Bonanza. The message outlines an attractive remote position with the following promises:

High Earnings: Potential to earn between $50 to $500 per day, with a base salary of $1,000 for every four days worked.
Flexible Hours: Commitment of just 60 to 90 minutes per day.
Comprehensive Benefits: Offers include paid annual leave, maternity and paternity leave, and other legal holidays.
Minimal Effort: Assurances of free training and a guaranteed paid probation period.

Recipients are encouraged to respond to a provided phone number to seize this "opportunity."

Red Flags in the Offer

While the proposition may appear appealing, several indicators suggest it's a scam:

Unsolicited Contact: Legitimate companies seldom extend job offers without prior interaction or application. Receiving such a message without prior engagement is suspicious.
Free Email Account: This text was sent with a Gmail account that anyone that is available to anyone for free.
Exaggerated Earnings and Benefits: Promises of substantial income for minimal work are classic red flags. Genuine employers provide realistic compensation aligned with industry standards.
Vague Job Description: The lack of specific details about job responsibilities, using ambiguous phrases like "helping merchants update data," is a common tactic to obscure the scam's true nature.
Urgency to Respond: Scammers often create a sense of urgency to prevent thorough consideration. Pressuring immediate action is a tactic to catch victims off-guard.
Unprofessional Communication: Errors in grammar, informal language, or inconsistencies in the message are telltale signs of fraudulent communication.
Request for Contact via Personal Number: Legitimate companies typically use official communication channels. Requests to contact personal numbers are uncommon and suspicious.

What Happens If You Respond?

Engaging with the scammer can lead to several detrimental outcomes:

Phishing for Personal Information: Scammers may request sensitive data, such as Social Security numbers or banking details, under the guise of processing employment paperwork.
Upfront Payments: Requests for fees covering "training" or "equipment," with promises of reimbursement, are common. Once paid, these funds are unrecoverable.
Identity Theft: Shared personal information can be exploited for identity theft, leading to financial and legal complications.
No Real Job: After extracting money or information, the scammer disappears, leaving the victim without employment and at a loss.
Become a Money Mule: A money mule is someone who transfers or moves illegally acquired money on behalf of others, often unknowingly.

Protecting Yourself from Job Scams

To shield yourself from such fraudulent schemes, consider the following precautions:

Research the Company: Visit the official website and verify job postings. Authentic opportunities are listed on company websites or reputable job boards.
Verify the Contact: Ensure that communications come from official company channels. Be wary of contacts using personal email addresses or phone numbers.
Be Skeptical of Extravagant Claims: If an offer seems too good to be true, it warrants skepticism. Legitimate jobs have clear expectations and reasonable compensation.
Never Pay to Work: Authentic employers do not require upfront payments for any reason.
Report Suspicious Offers: Report potential scams to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov and to the platform where the offer was encountered.

Conclusion

Scammers continually adapt their tactics to exploit the evolving job market and technological landscape. By staying informed and vigilant, you can protect yourself from falling victim to such schemes. Always verify the legitimacy of job offers and remain cautious of unsolicited communications. Remember, if something feels amiss, it's worth investigating further. Stay safe and informed in your job search and digital interactions.

This is an article I’ve put together for my internal Security Awareness program. Feel free to grab and use in your own program. Created with help from ChatGPT.

In today's digital age, cybersecurity threats are evolving rapidly, and one of the rising threats is "smishing." Smishing, a blend of "SMS" (short message services) and "phishing," is a form of phishing that involves sending fraudulent SMS messages designed to deceive recipients into revealing personal information or installing malware.

Understanding Smishing

Smishing attacks typically involve a text message that appears to come from a legitimate source, such as a bank, a well-known retailer, or even government agencies. These messages may claim that there's an urgent issue requiring your immediate attention, such as a problem with your bank account, a missed delivery, or a tax refund opportunity. The message will usually include a link that you are urged to click to resolve the issue.

How Smishing Works

The goal of smishing is to trick the recipient into providing sensitive information, such as login credentials, credit card details, or personal identification numbers. Alternatively, the link may download malware onto the recipient’s phone, which can lead to data theft or loss, financial loss, and sometimes even identity theft.

Examples of Smishing Attacks

Financial Frauds: "Notice from Bank XYZ: Unusual activity detected on your account. Please verify your identity immediately to prevent closure. Click here [link]."
Fake Contests: "Congratulations! You’ve won a $500 gift card from [Popular Brand]. Claim your prize now [link]."
Impersonation of Authorities: "Urgent COVID-19 alert in your area. Click here for safety measures to follow [link]."
CEO Fraud: “Hi [employee], are you available? I have an urgent need.”

Tips to Protect Yourself from Smishing

Be Skeptical of Unsolicited Messages: Always be wary of text messages that ask for personal information, especially if they convey a sense of urgency.
Verify the Source: If a message claims to be from an organization you do business with, verify its authenticity by contacting the organization directly using a phone number or email address from their official website—not the contact details provided in the message.
Avoid Clicking on Suspicious Links: Do not click on links in unsolicited texts or emails. Instead, go directly to the website by typing the URL into your browser.
Educate Yourself and Others: Awareness is your best defense. Learn about the latest smishing tactics and educate your family and friends on how to protect themselves.

Conclusion

Smishing is a significant and growing threat in the realm of cyber scams. By staying informed and cautious, you can protect yourself from falling victim to these malicious attacks. Always remember that when it comes to protecting your personal information, vigilance is key. If you suspect you’re being targeted by a smishing attack please contact [INTERNAL SECURITY TEAM INBOX].