Job Scam Attack: Fake Offers and Checks

The pandemic has created new opportunities for social engineering attacks on unsuspecting users. One method of attack has been successful enough to force the FBI to release a warning. Cybercriminals are actively using fake job listings to target applicants who complete job applications containing Personally Identifiable Information (PII). This enables the hackers to steal the identity of the applicant. With remote work becoming more and more prevalent, these types of attacks are likely to get worse.

Purchase Equipment on Forged Checks from Empty Accounts

Wordfence, detailed this attack by hackers in a recent Public Service Announcement (PSA). They outlined how an attacker posted a job ad for a position in a reputable company. As with many pandemic job interviews, this initial hiring interview was conducted remotely. Depending upon the quality of the interviewers, the victim is interviewed once or more before being offered the job.

 The “employer” (attacker) then congratulates them and states that they will provide all required furniture and office supplies from a specific and obscure online retailer. A bogus check is sent to the victim which they are told to cash, and they’re asked to immediately buy furniture and computing equipment from the attacker’s preferred online supplier. In the Wordfence case, the new employee spent several thousand US dollars before their check was supposed to clear (but never did).

The victim’s bank must put a hold on the check until the funds are transferred from the hiring company’s bank to the prospective employee (never happens). This scam only works when the victim spends their own money out of pocket, at the preferred online supplier’s website on furniture, computers, or other big-ticket items in a non-refundable way. The victim is out of pocket thousands of dollars. The “furniture and equipment company” is actually the attacker who now has the victim’s money. They immediately close up shop in their online retail store and disappear.

There are other variations on this attack. CyberHoot reported earlier on a similar scam to steal Personally Identifiable Information (PII) from a job seeker. In this spin on job applicant attacks, the scam is based around an employment opportunity at a legitimate company (one that may even have identical job postings) and is used as a vehicle for the attacker to scam the victim’s identity for money.

How To Not Fall Victim

When looking for jobs, it can be a tough time, and having someone reach out for an interview can be exciting. It’s important to still do your due diligence on the employer who is reaching out to you for an interview, even if it’s from a company you recognize. CyberHoot recommends you take the following steps to avoid becoming a victim of this type of scam:

  • Go to the employer’s website and confirm that the job you’re applying for is actually a current open position.
  • Contact the hiring company using the published contact information on their website – either an email address or phone number – and verify that the role exists and that you are in the hiring queue.
  • Steer clear of an unknown job listing website or job postings from social media websites like Reddit. Stick to well-known job websites with good reputations.
  • As far as possible, do not apply on job boards. Instead, apply by navigating to the hiring company’s website and proceed from there. You may be directed to external HR sites like, but you will be following links from the hiring company’s own website.
  • Never spend money out of pocket for a job application or for a new job you have just started. You may need to spend money out of pocket in the future because reimbursement has become standard practice among many companies, but this should be unacceptable for a position you have just started.
  • Avoid interviewing through messaging platforms where you cannot record the conversation. Instead, request a video conference, and screenshot images of the interviewers. While it seems sketchy, you might be able to pass their images to Clearview AI and identify their real identities in a worst-case scenario. 
Additional Cybersecurity Recommendations

In addition to these actions, CyberHoot also recommends individuals protect their identities by following this advice:

  • Prevent identity theft by locking your credit with all four credit agencies as outlined below (see below).
  • Second, learn cybersecurity basics, so you become more aware of the threats you face when interacting online. (PhishingSocial Engineering Attacks)
  • Learn how to spot and avoid phishing and social engineering attacks
  • Be wary of public, unsecured WiFi (use a VPN if dealing with sensitive information)
  • Learn how to use a Password Manager
  • Enable Two-Factor Authentication on all critical accounts
  • Regularly back up your personal data using the 3-2-1 method
  • Follow the principle of least privilege 
  • Subscribe to CyberHoot’s Newsletter to stay current with the always-changing cyber threats.

By implementing these measures you’ll become more aware and more secure. You may not have perfect security but you’ll be doing what you can to reduce the risks you face. 

How And Where To Lock My Credit

Anytime static data that cannot be recreated is breached there are long-term consequences which is the case with the Equifax breach of Social Security Numbers, birth dates, home addresses, and driving license numbers. Putting a credit freeze on your account will protect you largely from hackers taking credit out in your name, but doesn’t prevent them from submitting fraudulent tax returns in your name. Get your tax documents in order and submit them as early as possible.

Transunion Credit Freeze:

Equifax Credit Freeze:

Experian Freeze Center:

Innovis Security Freeze:

To learn more about Remote Job Scams, watch this short video:



Wordfence PSA

Additional Reading: 

FBI Warns of Remote Job Scams

Find out how CyberHoot can secure your business.

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.