Job Application Fraud: How to Detect and Avoid These Common Scams
Job application fraud extends far beyond an applicant embellishing or completely lying on their resume in order to secure a lucrative position for which they are not qualified. Modern technology has opened new doors for fraudsters to create elaborate webs of deception through digital disinformation.
The unemployment rate – now at its lowest since 1969 – is a contributing factor to the problem. In a tight labor market, businesses are fighting for available talent. Employers, desperate to fill open positions, speed through the hiring and onboarding process, creating opportunities for savvy applicants to cheat the system.
Scam 1: Fake References
I have previously written about how deceptive applicants are using cellular phones to provide fake employment verifications and references [note: link to article]. These job seekers purchase several inexpensive phones (or create internet phone numbers) and then provide those numbers to employers along with fictional individuals to contact for employment verifications and references.
They hope that the employers will rely upon the self-disclosed contact information rather than verifying the information through official channels. And many employers do indeed fall for this ploy.
Scam 2: Email Domain Spoofing
In similar fashion, we have seen a rise in individuals using domain and email spoofing to impersonate a company or individual at a company. This is accomplished by sending emails with false domain names which appear legitimate, or by setting up websites with slightly altered characters that read as correct.
A recent case we performed illustrates the point. A candidate applied for a financial position with one of our clients. His employment history was stellar, listing positions with two reputable institutions. He provided contact information for his supervisors at both previous employers, including their personal cell phone numbers and email addresses. However, our analyst contacted both employers at their official office phone numbers rather than relying upon the unverified, self-reported information from the candidate. We issued the background report indicating that neither employment could be verified.
Our client then received emails from the two supervisors, verifying the employment information and offering glowing remarks about the applicant. The official-looking emails both carried the logos of each financial institution and appeared to come from the correct internet domain. However, upon closer inspection, both emails were determined to be fraudulent.
The emails used what is referred to as “look-alike domains,” which utilize visual perception and deception tools to appear legitimate. With look-alike domains, fraudsters register a domain that is closely related to the name of the official organization and then send emails from the fake domain.
In these two emails, the look-alike domains contained a typographical variation involving the use of the letters “r” and “n” to appear to look like the letter “m”. We have seen similar deceptions where the domain name does not contain the letter “L” but instead contains the number “1″ which can look like the letter “L”. We have also seen individuals posing as supervisors, college registrar employees and licensing authorities.
The Bottom Line
While we all rely upon digital information in all aspects of our lives, we must be aware of digitally driven misinformation. This is especially true when hiring individuals into our companies.
Since most of our clients do not perform a background investigation until after a conditional offer of employment has been extended, the background report is the last line of defense keeping an unscrupulous individual from receiving security credentials and access to your people, clients and facilities. You should never cut corners by relying upon unverified, self-reported information from a candidate during the background screening process.
Kevin Prendergast is the President & General Counsel at Research Associates, Inc., a corporate investigative firm serving clients since 1953. Kevin oversees the compliance program at RAI and works with clients and their counsel in developing legally compliant background screening programs. Mr. Prendergast graduated from the Cleveland Marshall College of Law and has been licensed to practice law since 1987. He is a member of the American Bar Association, Ohio State Bar Association and the Society for Human Resource Management.