I recently received a email that, for a short while, made me think that a top consulting firm might be genuinely interested in my professional services.
“I came across your profile and noticed that you’re currently open to new career opportunities. Based on your background and professional interests, I wanted to personally reach out and let you know that we’re hiring for several new roles that may align well with your experience,” the email read.
It went on to request some information, but nothing that would raise any red flags on first glance, things like: “what job role(s) you’re targeting” and “your preferred industry and career level.” There were no requests for personal information, suspicious links, or email attachments.
My initial glance at this email, which included seeing the consulting firm’s name in the sender’s email address, didn’t raise any red flags, but upon a closer look later, it was clear what was going on.
While fake job seekers have been getting more attention recently, recruitment scams, such as fake job postings and messages from impersonated recruiters impersonations, are plaguing more job seekers than ever.
According to the FTC, reported business and job opportunity jumped by nearly 18 percent last year, and in the UK, job fraud reports to Action Fraud, the government’s consumer protection agency, are up 133% since 2022.
It’s a major challenge for job seekers — 45% said as much in a recent FlexJobs survey — and one that is more difficult to navigate as AI evolves. But simple steps can protect your personal information, bank account, and dignity. Here’s are some ways to spot and stop a fake recruitment email.
Slow down and examine the email carefully
Scammers often mimic the language and branding of legitimate companies to gain your trust — but subtle signs can reveal their true intentions.
Start by checking the sender’s email address: is it a personal Gmail or Yahoo account rather than a company domain? When I first saw the email, I was using my phone, and only saw part of the email address, which included the name of the well-know consulting firm. But, sure enough, after closer inspection, it ended in Gmail.com.
Poor grammar, spelling errors, and generic or sloppy design are common in fraudulent communications like these. This was not the case in my email, but the use of linebreaks was inconsistent, and there was no email signature. So you should also look closely at the formatting of the email, even if otherwise it reads fairly well.
Of course, we’ve all been told to not click on supsoicious links or email attachments, so when those are absent, as they were here, it can elicit a false sense of security. I was being asked to provide information about the type of job I was interested in, not my bank details, so what’s the harm in replying with that?
The scam part comes later in these situations. You may be asked to apply for the role on a clone website that looks quite similar to the company that’s supposedly recruiting you. Then, an interview, often over an internet chat or phone call, may be followed by a job offer. Requests for your banking information or other personal details will likely happen at some point during this process.
Play detective on LinkedIn
While I already knew this email was a dud, I searched for the sender’s name on LinkedIn, and found a profile of a recruiter that actually looked pretty legit. It turns out, that it was.
Scammers often use stock images or AI-generated photos and fill their profiles with vague job titles, limited work history, and almost no activity. A legitimate recruiter will typically have a detailed, verifiable work background and visible engagement on the platform, which this first profile I found had.
From here, I’m thinking we may have a case of recruiter impersonation. So I did another search of the name and added the name of the company that it claimed to represent in the email, and then I found what I was looking for.
This second profile had the same name and photo of the real recruiter, but had only one post and a handful of connections. I also clicked “More” on the profile, then “About This Profile” to see when it was created. Brand-new profiles are a common red flag, and this one was brand spanking new.
So, I solved the case, and if you find yourself doing the same, make sure you do LinkedIn, and real recruiters everywhere, a favor and report the fraudulent profile. LinkedIn prevented over 70.1 million fake accounts from being created during the registration process in the first half of 2024 alone, but some still fall through the cracks.