It’s not just the application process that attracts bad actors as highlighted in previous article, “The Recruiter & The Thief” not everyone who applies is interested in the role, some are interested in stealing IP or strategic insights.
Employment scams, also called “job scams”, continue to be on the rise, with an estimated 54% increase in reports in 2023 compared to the year before. While scammers most often target large, well-known corporations such as Walmart, Amazon, or Google, biotech and biopharma companies are by no means immune.
NOTE: Per request of interviewees, some of the names in this article have been changed
Just like any other day, Matt, a Talent Acquisition Lead with over 10 years of experience in life sciences recruiting, was perusing LinkedIn. Checking his DMs, one of the messages caught his attention.
A jobseeker had reached out to him to get more information about a job listing he was contacted by another recruiter about. The jobseeker said that his conversation with the other recruiter seemed odd, and he wanted to verify whether the job was real or not. He gave Matt the name of the “recruiter”, but there was nobody at the company with said name, nor was the job post actually real.
Soon following that message, Matt saw several emails come through the company’s careers inbox as well – usually jobseekers asking about roles that were very general or entry-level. One noted that they had had a phone interview with the “General Counsel”, which lasted just five minutes.
Susan, a Fractional Head of HR that we also spoke with, had a similar story to share from when she was formerly a Director, HRBP at a biotech. Someone had reached out to her on LinkedIn saying that they had received a job offer from her company—they had even shared with her an “offer letter” that used her company’s letterhead. Again, the job offer was for a very generalized position that wouldn’t typically be found at a biotech.
These job scams are unfortunately a growing problem, not just in the life sciences job market but across many other industries as well. There are several factors contributing to this increase, notably:
- More remote job opportunities: While many roles have returned to the office since the earlier days of the COVID-19 pandemic, many are still either fully remote or hybrid. This gives scammers an upper-hand, as virtual interviews have become more common.
- Smarter AI: While we might have been laughing at hilariously creepy pizza commercials a year ago, we’ve quickly entered an era where AI-generated content is becoming harder to discern from real life. Scammers have begun using AI to their advantage, generating believable deep fakes and using tools such as ChatGPT to overcome the language barriers and poor grammar that used to make scams easier to spot.
- Layoffs, inflation, and higher cost-of-living: While the life sciences employment market has made steady improvements this year, it’s not out of the woods yet. Week after week, we’re still seeing news of companies, both large and small, downsizing and cutting staff. When getting a McDonalds combo costs nearly as much as eating at a sit-down restaurant, jobseekers are feeling the crunch to get into a new role ASAP.
How employment scams hurt your company
While employment scams most often affect job seekers, your company can also be impacted. For example, your company could risk reputation damage and recruitment problems. Potential candidates may hesitate to apply because they’re skeptical, deterring potential top talent from considering opportunities.
Further, these scams add to your hiring team’s workload, as they must address inquiries and complaints. This requires time and resources, diverting attention from other core recruitment activities and extending the overall hiring timeline. This delay can be detrimental, especially in the competitive biotech job market where securing top talent quickly is often crucial.
Now more than ever, it’s crucial for biotech recruiters, hiring managers, and HR teams to familiarize themselves with current scam strategies and learn ways to fight back.
Types of Employment Scams
These employment scams can come in many different flavors, often involving phishing tactics to deceive their targets:
- Employment Verification Scams: Scammers pose as recruiters, asking for sensitive information like Social Security numbers, banking details, or login credentials under the pretense of verifying employment.
- Fake Job Postings on Job Boards or Social Media: Fraudsters create fake job listings to collect personal information or lure jobseekers into another type of scam on this list.
- Job Recruitment Scams: Impostors claim to be recruiters, offering fake jobs or demanding fees for services like resume writing.
- Work-From-Home Scams: Scammers promise high-paying work-from-home jobs that require an upfront fee for training, equipment, or materials.
- Reshipping Scams: Job seekers are hired to receive and reship packages, often containing stolen goods.
- Fake Service Agencies: Scammers pose as service agencies, charging fees for services like resume reviews or job placements without providing real assistance.
- Equipment/Software Scams: Job seekers are asked to pay a fee for equipment, software or training materials, often with a promise of reimbursement.
- Freelance/Contract Scams: Scammers post fake freelance or contract job opportunities, asking job seekers to complete tasks or projects and then refusing to pay for the work done.
- Fake Internship Scams: Students and recent graduates are targeted with fake internship offers, asking for personal information or payments for placement services.
- Service Provider Impersonation Scams: Scammers pose as a legitimate service provider or repair technician, convincing the company’s staff that they need to take computers or other equipment for repair or maintenance.
- CEO Impersonation Scams: Fraudsters impersonate the company’s CEO, reaching out to employees or jobseekers requesting personal details or other unusual tasks such as buying gift cards.
What can companies do to help tackle the issue?
Steve Frederick, founder of Binary Solutions LLC and former Head of Enterprise Information Technology at Moderna has seen his fair share of job related scams. Frederick says that companies should assume they will be targeted either directly or indirectly and their reputation is at stake.According to Frederick,
“it’s not an if but a matter of when and while IT may be on the front lines, all team members are essential for the maintenance of IT security, it cannot be 100% solutioned and solved by technology.”
He also cautions job seekers and recruiters alike ”if something seems off-kilter or out of context, don’t just automatically respond…stop and ask ..does this message make sense? Is there anything that makes you question its validity?”
Frederick is adamant that the onus shouldn’t just be on the job seeker to identify scammers. There are numerous actions your company can take to help thwart this issue, saving your hiring team time, money, and damage control in the long run.
Here are some additional ways for companies to combat employment scams:
Put a notice on your website’s “Careers” page warning of scams and make it clear that your organization will never ask for personal details such as Social security number, drivers license or bank account information.
For example:
Notice Regarding Employer Impersonation Job Scams:
Recently, we have become aware of several instances of employer impersonation job scams that use our company’s name and logo.
We want to emphasize that XYZ Therapeutics does not engage in any third-party recruitment nor use intermediaries for hiring purposes. Open positions at our company, when available, can be found on our website.
If you encounter any suspicious job postings, emails, or communications claiming to be from XYZ Therapeutics, please notify us immediately at careers@XYZtherapeutics.com.
For more information, please visit: consumer.ftc.gov/articles/job-scams#examples
Implement anti-phishing tools by vendors like sophos, knowbe4, and barracuda These services can identify the threats and offer security awareness training and simulated phishing attacks
In addition to posting jobs on sites such as LinkedIn and Indeed, post them on your company’s website. Jobseekers can then cross-check to have better confidence that a listing is real. We also recommend hyperlinking to the external job listings for an added layer of verification.
Once a position has been filled, take it down ASAP. This gives scammers less content to scrape, making it harder for them to impersonate you or your company.
Organizations should opt to utilize Applicant Tracking Systems/vendors
Choose a platform that employs Multi Factor Authentication(MFA) with email, phone or security apps like OKTA and RSA. Communicating this to applicants is an additional safeguard.
Double-check before opening files or clicking email hyperlinks. This is especially important given how many resumes hiring teams review. Attachments and websites can both carry embedded malware or viruses. If the email lacks personalization or is riddled with misspellings and poor grammar, chances are it’s not legitimate.
Make sure all employees receive high-quality security training. Phishing scams can be a gateway to employment scams, as they collect personal info that could be used to impersonate someone at the company. In addition to routine training, also make sure to include phishing simulations so that employees know what to look out for.
Proactively monitor job websites for fraudulent posts. While this isn’t nearly as exciting as developing a new therapeutic, it’s important to ensure the integrity of your brand and hiring process. Set aside time to skim external job sites on a recurring basis, such as at the beginning and end of the month. If you see a fake job post, report it to the job site.
Review your company’s listed employees on LinkedIn. Sometimes scammers will fake their work history to show that they work at your company, which helps give credibility when they reach out to unsuspecting jobseekers.
Have a response plan. Create and maintain internal SOPs for what to do if you see a fake job ad or if a jobseeker reaches out about a job role they were “offered” but doesn’t exist. Importantly, make sure your team knows how to access these SOPs.
Take the time to do your due diligence. While your team might want to fill a role as quickly as possible, it’s important to take the time to verify that the recruiting/staffing firm or the job applicants you’re screening are legitimate. Ask for references and perform background checks.
If you come across a scammer or are contacted by a scam target about a job opportunity, be sure to report the incident to the Federal Trade Commission.
