IF MONEY motivates cybercriminals to trick, swindle and steal, then why are they targeting Malaysian job-seekers who are supposedly income-less and are themselves in need of money?
Job scams have been around for a long time. But it’s getting extra attention lately as Malaysians report receiving way more job invitations through text messages than ever before, according to global cybersecurity and digital privacy Kaspersky.
To begin with, these unsolicited job offers promise unbelievably generous earnings in exchange for seemingly easy work that is too tempting to not even try.
Official statistics reveal that as of 1Q 2022, there are 671,200 unemployed Malaysians. According to a poll by a local university, about 66% of Malaysians are now keen on hybrid working environment due to pandemic concerns such as health and safety.
For scammers, this is a goldmine that they just wouldn’t miss taking advantage of.
Personal information such as name, birthday, phone number, e-mail address are already valuable – it can actually cost up to US$10 on the dark web, according to Kaspersky data.
Recently, a database seller who claimed of having in his possession of dataset that belongs to the registration department has put up an asking price of RM44,000.
Once in the hands of fake job recruiters a.k.a. cybercriminals, these data can then be sold or traded to other cybercriminals or companies. Scammers will also use these data to commit other cybercrimes such as identity theft or to infect your device with malicious software (malware) to steal more data stored in it.
Text/SMS scams
Cybercriminals also play on a job seeker’s desperation to make money immediately. In Malaysia, most job scams include having the victim send money to the fake recruiter to pay for “investment fees” or to get “commissions” or “bonuses” with higher returns as long as the victim tops up.
“By now, people are already aware of the standard red flags of fake job offers sent via e-mail such as the sender’s address, layout, etc,” Kaspersky’s general manager (Southeast Asia) Yeo Siang Tiong pointed out.
“More or less we know how to recognise and avoid it so scammers have changed their delivery mode to text/SMS.”
As there is also a lowered expectation of danger in text messages – as it is less scrutinised by the receiver – this eventually increases the likelihood for the scam to succeed.
“When an unsuspecting person gets a message like a job offer with an irresistible pay, he/she is likely to disregard her mental checklist of warning signs and just click through,” added Yeoh.
He also advised companies to take necessary measures to protect their brand and reputation from scammers who exploit their corporate identity and information for fake job offers.
Possible reputational losses can be avoided by having the company website which lists contact details (such as for the human resource department) audited for vulnerabilities.
Below are 10 tips for job-hunters to prevent them from falling victim to job scam:
- Limit job searches to official sources.
- Don’t respond or click on links if they come from people or organisations you don’t know (replying simply confirms to the sender that your phone number is active).
- Install a trusted security solution with fraud and phishing protection and follow its recommendations.
- Use multi-factor authentication (MFA). A common variant is a two-factor authentication (2FA) which often uses a text message verification code while a stronger variant includes using a dedicated app for verification (like Google Authenticator).
- Check the company’s official website for open vacancies matching your job skills.
- Check contact information on companies’ official websites (if needed, send an e-mail to the company to verify if the person who contacted you actually works there).
- Be wary of offers to discuss a job or hold an interview in secret chats where messages are encrypted, cannot be forwarded and which alerts the participants if anyone takes a screenshot.
- Make an additional phone call to the company to ensure that the job offer is legitimate.
- Review your job offer for possible mistakes: carefully check the company name or job title and responsibilities.
- Report all SMS phishing attempts to designated authorities.
What to do if you become a victim? Kaspersky suggests limiting the damage with the following important steps:
- Report to any institutions that could assist.
- Change all passwords and account PINs where possible.
- Monitor finances, credit and other online accounts for strange login locations and other activities. – June 3, 2022
