Cybercriminals target 3.13 million unemployed Filipinos and 7.42 million underemployed job-seekers to sell their personal information - name, birthday, phone number and email address, for $10 each on the dark web, according to cybersecurity firm.
Kaspersky said that once these data are in the hands of fake job recruiters, they can be sold or traded to other cybercriminals or companies.
Scammers will also use these data to commit other cybercrimes, such as identity theft or infecting devices with malicious software (malware) to steal more data.
Cybercriminals play on a job seeker’s desperation to make money immediately.
A good 49 percent of Filipinos are now keen to work remotely due to pandemic concerns such as health and safety, making them easy targets for scammers.
Not surprisingly, Filipinos now report receiving way more job invitations through text messages than ever before.
The unsolicited job offers promise unbelievably generous earnings in exchange for seemingly easy work.
Most job scams likewise include having the victim send money to the fake recruiter to pay for “registration fees” or to get “commissions” or “bonuses” with higher returns as long as the victim tops up.
“By now, people are already aware of the standard red flags of fake job offers sent via email such as the sender's address, layout, etc. More or less we know how to recognize and avoid it so scammers have changed their delivery mode to text/SMS,” says Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
“There is also a lowered expectation of danger in text messages so it’s less scrutinized by the receiver, which means the scam is likely to succeed," he warned.
"When an unsuspecting person gets a message like a job offer with an irresistible pay, he is likely to disregard his mental checklist of warning signs and just click through,” Yeo added.
And companies should take measures to protect their brand from scammers who exploit their corporate identity and information for fake job offers.
Possible reputational losses can be avoided by having the company website, which lists contact details (such as for HR), audited for vulnerabilities.
To avoid falling victim to scams, job-hunters should limit job searches to official sources, Kaspersky admonished.
Do not respond nor click on links if they come from people or organizations you don’t know. Replying simply confirms to the sender that your phone number is active.
Install a trusted security solution with fraud and phishing protection and follow its recommendations.
This will solve most of the problems automatically and alert you if necessary.
Remember, personal vigilance is not enough when dealing with sophisticated scam methods used by cybercriminals.
Use multi-factor authentication (MFA). A common variant is a two-factor authentication (2FA) which often uses a text message verification code while a stronger variant includes using a dedicated app for verification (like Google Authenticator).
Check the company’s official website for open vacancies matching your job skills.
Check contact information on companies’ official websites. If needed, send an email to the company to verify if the person who contacted you actually works there.
Be wary of offers to discuss a job or hold an interview in secret chats where messages are encrypted, cannot be forwarded and which alerts the participants if anyone takes a screenshot.
Make an additional phone call to the company to ensure that the job offer is legitimate.
Review your job offer for possible mistakes: carefully check the company name or job title and responsibilities.
Report all SMS phishing attempts to designated authorities.
If one becomes a victim, he can limit the damage by reporting the incident to any institutions that can assist.
He should also change all his passwords and account PINs where possible and monitor his finances, credit and other online accounts for strange login locations and other activities.