Here is a heads up about a crafty scam currently targeting businesses of all sizes.
As companies hire interns for the upcoming summer school break, criminals are submitting bogus applications for internships – including some that offer to work in exchange for real-world-training and no pay – through the application and contact features of business websites.
The submissions contain links to real profiles on real social media platforms – but the profiles contain links to poisoned websites or porn sites. While in many of the cases that I have seen (one example appears below) multiple elements of the communication and profile stand out as potential red flags, some examples are extremely well crafted, and could potentially trick many HR department personnel or hiring managers.
What should you do?
Ask all of your applicants to submit their CVs to you in text form – there is no reason whatsoever to click on any links provided in any application until much later in the hiring process, by which point you will know with whom you are dealing. Do not click on any links in any candidates’ social media profiles – scammers are not your only risk: even well-meaning candidates might have been hacked or otherwise shared links to bad sites.
Additionally, as I have mentioned many times before, it is time for social media providers to flag links that users post to other sites that are of questionable repute.
Here is one recent example of the scam – but, beware, many of the bogus applications are not as obvious…
A quasi-internship request submitted online – note the anomalies: Atypical language, 11-digit phone number, etc.
The corresponding webpage on the real about.me website. Note the anomalies: Surname atypical for the geographic location, geographic location atypical for internship applications in the USA, bio provides no specifics, bio offers no connection to nature of potential internship, attractive girl with ‘view my photos link,’ no links to other social media profiles, etc.