Follow ZDNET: Add us as a preferred source on Google.
ZDNET key takeaways
- Job scams are everywhere and only getting smarter.
- I was almost ensnared by one recently.
- It takes a diligent eye and some research to stay safe.
I'm diligent. Very diligent.
I don't generally trust phone numbers or email accounts that I don't know, take care not to give anyone sensitive information, don't trust things I read on social media, and password-protect anything important that leaves my computer.
But that doesn't mean I'm invulnerable to scams; I recently got caught up in one.
Also: Ordering a new phone? Watch out for this convincing scam that hits immediately after
Let me set the stage.
About a week ago, I posted on LinkedIn that I was looking for new clients. I'd had pretty good luck landing high-quality clients through the site, so I figured, “Why not?”
I wrote a very simple post and then changed my profile to “Looking for work.” I immediately received positive responses from people I know and trust.
And then the next day, I received an email.
You know how this goes, right?
The sender posed as a recruiter connected to Docker and said I'd be a great fit to write for the company. I'd been sought out by Docker before, so I thought it seemed legit.
Also: Beware the ‘Hi, how are you?' text. It's a scam – here's how it works
Initially, they were looking for per-hour freelancers, but I told them I didn't do hourly work. They said that was fine because they thought they could get Docker to go with a per-article rate.
It sounded interesting, so I sent them my resume and waited.
The next response was a veritable tome of information about what was wrong with my resume. My response was simple: I haven't had to submit a resume to prospective clients in decades because most companies know my work. They replied with an understanding tone but assured me that if I tweaked the resume, the gig was a lock.
I honestly didn't want to do it. I don't like writing resumes; I don't generally play the corporate game, and I questioned why someone seeking a freelance tech writer doesn't at least know some of my work.
Also: How to turn ChatGPT into a scam detector
But I soon became desperate. I'd lost a significant portion of my income recently and needed to make up for it. So, I went ahead and beefed up my resume and sent it on.
That's when curiosity struck.
Dear Jack…
It began when I looked back on the email thread and realized the person had been writing “Dear Jack” the whole time, which is unprofessional. That led me to check out their email address. What was interesting about that was that the person had attempted to obfuscate their email address by adding a long title to their name.
Also: Fake CAPTCHA attacks exploded by 563% last year: How to spot them
Normally, I can click the email address and view it. This time, however, all I could see was the title. It wasn't until I did a “Copy email address” and then pasted it into a document that I realized I was dealing with someone using a Gmail address.
If this person were legit, their email domain should have been associated with a recruiting firm.
Next, I became curious about their email signature. Instead of text, they'd used an image. I opened the email on my phone and zoomed in.
I then understood what I was dealing with.
You see, once I zoomed in on the signature, I could tell it had been generated by AI. The sentences made no sense, and there were characters that belonged to no alphabet I'd ever seen.
Also: This IRS text message scam keeps fooling people
Yup. AI.
I then realized that every single email I received from this person had likely been written by an AI. They'd probably even used AI to personalize the content specifically for me.
How the scam works
Essentially, the scam goes something like this:
- You receive a message about a possible job.
- You're asked to send a resume.
- The scammer tells you that your resume needs work.
- The scammer then tells you that they'll fix your resume so that it's a sure thing.
- You give them permission to do so.
- They ask for a credit card number for upfront payment.
- You give them your credit card information.
- You don't hear from them again.
- You find out your credit card has been maxed out.
- You were scammed.
Is LinkedIn doing anything about this?
Back in 2023, LinkedIn started using AI and verification systems to address this problem. The company is even mandating that recruiter profiles be verified.
Also: Half of all cyberattacks start in your browser: 10 essential tips for staying safe
In a big sweep, LinkedIn removed over 121 million fake accounts and implemented automated scam detection in messages. At the same time, LinkedIn made it clear that users also had to be on the lookout for such attempts.
That's all fine and good, but what about when a scammer uses an email address? It's far too easy to do. The scammer hops onto LinkedIn, finds someone who's vulnerable, locates their email address, and the scam is on.
How to protect yourself
If you're looking for work online and receive messages from recruiters:
- Always check the email address. If it's associated with a company and not a generic Gmail or Yahoo domain, that's a good sign.
- If the email address looks legit, do some research on the company it came from. You might even call the company to make sure they have an employee with the name of the recruiter.
- Don't respond to an email until you've done some research.
- If you respond, you can ask the alleged recruiter specific questions about their company to see if you can catch them in a lie.
- Ask up front if they are looking to sell a service. If so, block 'em.
- If it sounds too good to be true, it probably is.
- Read through the messages carefully. If you suspect they were composed with AI, check it. You can use AI content detectors to do this; many are free.
- Do not give this person any sensitive information (or credit card numbers).
- Report scam messages to the service provider.
As far as LinkedIn goes for job searches, you should always be on your guard. If someone reaches out to you to say they're hiring for Company X, contact Company X to see if they are actually working with that person. Chances are pretty good they aren't.
