Interview techniques

Having spent the last few months looking at opportunities in the marketplace, I am getting familiar with the tactics used by organisations to “streamline” the process. The last time I was looking for work was sixteen years ago, when LinkedIn had just started to be a thing and the reliance was on searching print media for job openings as well as some of the bigger online recruiters. Most insisted on a face-to-face interview to discuss your CV, your job ambitions and what potential openings they had.

Today, it has all changed. It is now very easy for a company to post a position online, create an automated process and quickly create short-lists based on algorithms, AI and automation. The consequence is that far more applicants are applying for each job listed, because the odds of making a short-list have been significantly reduced as the filtering based on a CV or a LinkedIn profile can be done by computers in seconds. Consequently, with the human element removed from the initial job search in many instances, more applicants apply, creating a catch-22 situation.

In the excitement to find an interesting role that ticks as many boxes as it can, we are often prepared to give away more personal information than is needed. But we do so because the prize is so worthwhile. Except, what if there isn’t a job? What if the ad posted online is simply an elaborate phishing scheme to get candidates to share personal data that could be used for the fraudsters’ financial gain?

Employment/Recruitment scams are nothing new. They have been with us for many years and have cost some victims thousands of pounds. There have been cases of individuals selling up and moving their families to a new country because they have a new role only to find on day one that there was never a job and the fees they paid to sort out visas or short-term accommodation have been pocketed by fraudsters. But the acceptance of our digital lives today has led us to be less cautious when it comes to giving out personal details.

It would take a fraudster a matter of minutes to create a fake company profile on Social Media, adding in a few exotic office locations, a fictitious management team and of course, some interesting open vacancies as the company looks to expand into new markets. Applicants for the roles need to submit CVs, a cover letter and complete a suitability questionnaire, all designed to glean information that could be sold on, or used by the fraudsters themselves to lure the candidate deeper into their web of lies.

Sounds far-fetched? Well, have a read of this article, written by security expert Brian Krebs, who reports on just this type of scam taking place a few weeks ago. This is just one example of a practice that is still far too common, especially as it looks to exploit those who may be in desperate need of employment. We need to take as many cautionary steps when seeking a new role as we do when buying from an unknown online store, or responding to a dubious text or WhatsApp message, and be especially wary if the firm approaches you cold, with an amazing offer of employment.

It doesn’t take much to determine whether a job opening is real or not. Whilst many of us will use LinkedIn or popular job sites such as Indeed, most firms will also list the roles on their own websites. So a starting point is to check to see if the role exists there. Still unsure about the company? When did they register their domain name? If the registration appears very recent and was made through a proxy registration, that should be a red flag. Look at their address on an online map – does it appear to be real? When you search for the address, what companies are listed? Use tools such as Glassdoor to check on what current and former employees say about the business. Also, search for key individuals on LinkedIn – do they appear to be genuine?

The global economy is still in a state of flux and with economic support for many firms slowly being reduced, the employment market is likely to hot up again. A major “supply” of available people will ultimately increase the demand on vacant positions, and the one thing we know from the world of the fraudsters is when demand increases, so too does fraud.

Pop Quiz

“The name of your first pet + your mother’s maiden name is your stripper name”

I’m sure we have all seen similar questions on Social Media that are designed “just for a laugh” and when we read some of the responses they can be quite amusing. But they are also very revealing. Too revealing in all honesty.

Mother’s maiden name is a frequent question that is part of identification and verification used by many banks and institutions that keep our personal and financial information secure. Whilst we may feel the question is harmless, if a criminal is trying to build a profile of someone, then it is another piece in the jigsaw. Questions about people’s first cars, favourite teachers and best holidays can easily be neatly packaged into something that looks fun on Social Media but is designed to gather valuable information.

Whilst “Speedy McGraw” may mean nothing to anyone else, to a criminal it is two pieces of valuable information that they can use in the future, not just to try to trick you into revealing more information by pretending to be from a bank or other official institution that needs to urgently discuss important matters with you, but also to resell to more hardened criminals whose intentions are certainly not whimsical.

A large number of people seem to think because someone is asking a question on Social Media then their identity and intentions are known and well meaning. Few of us would respond to a random email asking such questions as “Can I just ask what is your Mother’s maiden name?” nor would we give that information to a stranger who approached us in the street, but on Social Media, as part of a “bit of fun” then many people share away.

For those who are active on Social Media, it is important to ensure you have the right levels of privacy on your profiles and limit who can see that information. Is it really necessary to have your full date of birth on there, for instance? All your family members? First School? Pet Names? And so on. Cyber criminals can build profiles in a matter of minutes for some people and then put in place sophisticated attacks that can be devastating.

We all have a part to play in keeping ourselves and those around us safe – a good starting point is just to think what you are sharing and who with.

Daisy May – April 2021, Milton Keynes

A wolf in sheep’s clothing is still a wolf

Last week we wrote about the five tell-tale signs of Social Media scams. There tend to be two different ways that fraudsters look to exploit social media users for their own financial gain.

  • Setting up Facebook groups that pretend to be owned and operated by brand holders
  • Buying adverts on different Social Media platforms that look the same but use a network of different domain names

In this post we are going to focus on the latter scenario.

The growth of Social Media has been nothing short of phenomenal. Almost every Social Media network is a living example of a tipping point, as described by the best-selling book of the same name by Malcolm Gladwell where it experiences explosive growth as internet users jump on the latest fad. The fact that most platforms now essentially do and offer the same thing is irrelevant – for a significant number of social media users it is all about how many friends/followers/likes/retweets and comments they get.

It is no surprise that social media advertising revenue growth continues to outstrip revenue streams from many offline businesses. In 2019, Facebook generated nearly $70 billion from advertising, accounting for more than 98% of the company’s total revenue. With 2.7 billion active users, that means each active user is responsible for generating $25 for Facebook. That’s pretty impressive and why Facebook and others are continually looking at increasing the number of advertisers and the volume of ads we see.

Because of the way that Social Media platforms capture the data we voluntarily add, as well as some of our search habits, interests or what advertisers we have engaged with before, they offer highly targeted data for businesses big and small. Traditional advertising, such as print or TV, can only be targeted at a wide demographic: advertising in The Standard newspaper, for instance, is relevant for a London-focused campaign, but it is hard to target any ads through the newspaper at specific age or interest groups. The Social Media platforms’ huge databases of actionable intelligence allow advertisers to be very specific on who they want to target, with which message, on which days, at what times and what the call to action is. Social Media advertising has been a game changer for many small businesses.

But it has also allowed those with nefarious intentions to use exactly the same actionable intelligence, the same tactics and the same calls to action to commit fraud. It is incredibly difficult for the Social Media networks to stop many of the advertisers with illicit intentions from launching a campaign, although they are relatively quick at taking them down once they are notified of issues.

But that can be days or even weeks in some cases, during which time ads could have been seen by thousands, even millions of people and significant damage has been done. In our previous post about social media scams we focused on five tell-tale signs that an advert could be a scam, with the advertiser’s aim being to gain your personal and financial details. Often the only way anybody will know that a website which is advertising on Social Media is a scam is when any goods or services that have been ordered fail to materialise. Naturally, the scammer may appear to be helpful in dealing with perceived delays of orders. “It’s Christmas and the Royal Mail has severe backlogs”, “Brexit has meant our goods are stuck in a warehouse in Belgium” or “Our delivery firm have got a COVID-19 outbreak”. All genuine reasons for goods being delayed, but also very handy for the scammers to continue their illicit practice before their websites and ads are shut down.

One tactic that some fraudsters use is to register a bunch of domain names that on the face of it seem relatively harmless and, by not using trademarks or key terms, don’t draw any unwarranted attention from brand holders, but all appear on Social Media as identical ads and resolve to identical websites. Why? Because they use the different domains to focus on different demographics of users. The fraudsters have SEO and Social Media advertising experts who will tweak their ads to get the best return on investment. So when you see the same ad time and time again, it is worth checking on the domain name being used and doing a Whois search to see when it was registered. The chances are it will have been registered relatively recently and the registrant details will be protected with a privacy company’s details.

Last year, the FBI’s Internet Crime Complaint Center received 467,361 complaints, with reported losses exceeding $3.5 billion. This will be the tip of the iceberg. Many victims will not report the crimes they experienced to the authorities for a variety of reasons. According to the study last year, 94% of respondents who had admitted to having been scammed online said that they had originally connected with the fraudsters via Facebook or subsidiary platform Instagram.

There are some fantastic small businesses who use Facebook ads to generate their revenues. The ads provide low cost ways to reach targeted audiences across the globe and have undoubtedly contributed massively to the global economies. But that bonhomie has also allowed the fraudsters to grow their illicit businesses. We all need to play a part in limiting their successes by being vigilant and aware of potential scams. If you do see multiple ads for goods and services on Facebook, stop and ask why a company would be doing that. Do your own research and then decide whether the potential reward is worth the risk.

Just another Manic Monday?

In theory the volume of emails hitting our inboxes should start to decrease after today as we see Cyber Monday move into Giving Tuesday and firms scale back their marketing activities. The amount of money spent online this year, thanks to our COVID-induced lockdown, is likely to have hit record levels, coming at a vital time for many retailers. Analysis carried out earlier in the year by Edge Retail suggested that the COVID-effect to retailers could be up to £5 billion.

However, alongside the inevitable increase in online spending, the amount of fraud will have increased accordingly. According to Digital Trust and Safety company Sift, the fraud rate (reported attempts of fraud divided by total online transactions) from the start of October to mid-November was nearly 400% up on the same period in 2019. With online transactions spiking for the year over the last four days, it is anticipated that the level of online fraud will be off the scale in 2020.

Whilst organisations such as Action Fraud have active campaigns focused on consumers and the tell-tale signs of scams, the £13.5m worth of fraud last festive period is unfortunately likely to be topped this year. Fraudsters use the same tactics as genuine brands to hook unsuspecting consumers’ attention and divert their interest, web session and ultimately hard-earned cash from legitimate brands.

Social Media continues to be the easiest method of attracting customers for fraudsters – the more information we share with the networks, the more targeted the scammers’ ads can be. To give an example, from looking at my posts it is clear I am a football fan. I live in England and so there is a higher chance than average that I may be interested in England’s National Team football merchandise. Which is why I was served with the advert on the right.

This shirt caught my eye as it appears to be manufactured by Under Armour rather than Nike who currently hold the contract as official merchandise supplier to the Football Association. I searched for similar images and found dozens, all identical apart from the two logos on the shirt. So if you were an Irish Rugby fan or an Arsenal fan, you may have seen one of the images below.

The website that is selling these shirts sets off so many alarm bells that it is surprising potential customers aren’t deafened on loading: it uses the same text for its terms and conditions as many other websites, only offers contact through a webform and has a domain name that was registered relatively recently. The return on investment on a social media campaign is relatively low and it only takes a few orders from customers who don’t see the warning signs for them to profit. Of course, capturing personal and financial details from unsuspecting customers is valuable data enough for them.

Whilst the madness of the Black Friday weekend is drawing to a close, it doesn’t mean that the fraudsters will also disappear back into the corners of the dark web. We all need to keep our guard up and make sure that we don’t become part of the problem rather than the solution... and, of course, remember if it looks too good to be true, it probably is.

‘Tis the season to be wary

It is not a surprise that the number of scams we are exposed to as consumers increases in the four weeks before Christmas. The traditional sales period starts earlier and earlier every year but with the vast majority of our shopping this year forced online, we all need to be part of the solution rather than the problem when it comes to online fraud.

The must-have item in many households in the UK this year is the PS5. Sony’s new games console was launched last week to a great fanfare and consequently, huge demand. As predicted, stores quickly ran out of their limited supply of the consoles, which retail at up to £449. It isn’t just Sony who can’t meet demand – Microsoft’s Xbox Series X, launched earlier in November is sold out everywhere and may not be available until Spring 2021. The huge demand and the scarce supply is bad news for consumers but is the perfect storm for the fraudsters.

The festive period is a lucrative time for both legitimate and illegitimate businesses. Whilst genuine retailers will have invested not only in stock but also marketing campaigns, the fraudsters will ride on the crest of the wave of consumer demand, knowing that a few well-placed adverts on Social Media will reap their ill-gotten rewards.

In the space of a few days there have already been stories of consumers being duped even when using legitimate retail websites. In an article for Forbes.com, tech journalist Barry Collins reported a number of cases where customers had received items that certainly weren’t the PlayStation 5 consoles they had ordered from Amazon. Meanwhile, the usual adverts for the consoles have been appearing on Facebook, using genuine retailers’ brands but, as usual, so poorly written that most people can tell they are scams. Unfortunately, that still doesn’t stop desperate consumers being tricked into handing over their personal and financial details.

The National Cyber Security Centre (NCSC) updated their guidance for online shoppers this week ahead of what promises to be a big week for online retail:

  • Be selective about where you shop online – if a deal looks too good to be true it probably is!  So, if a retail store or website you have never heard of has hard to find items in stock, ask yourself why.
  • Only provide the necessary information to make a purchase – some scam websites will try to gather as much personal data as they can to either use themselves for other scams or sell onto third parties who have nefarious intentions.
  • Only use websites which are protected through encryption or SSL.  Look for the green browser bar or the small padlock in the address bar.  Never submit any personal or financial details unless you are on an encrypted page.
  • Be very wary of suspicious emails, phone calls, texts or WhatsApp messages.  Unfortunately, our personal data is constantly at risk of being used for fraud.  Scammers do not adhere to GDPR regulations!

If you are unsure whether to trust a website, check when the domain name was registered. Most, not all mind, scam websites use recently registered domain names which may also be typos of well-known brands. 

In the last seven days hundreds of new domain names featuring the trademarked term “PlayStation” have been registered, including PlayStation5.deals, PlayStation5.gift and PlayStation5.online – none of which appear to have been registered by Sony. The speed with which a scammer can register a domain name and get a website up and running is faster than ever, so consumers should check if things don’t stack up.
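The domain checks recommended in these posts (how recently the name was registered, whether the registrant sits behind a privacy or proxy service, and whether the name borrows a brand term the registrant does not own) can be scripted against the text a Whois lookup returns. This is an added example, not code from the original posts; the Whois records, the `.example` domains, the 90-day threshold and the function names are constructed for illustration.

```python
from datetime import datetime, timezone

PRIVACY_HINTS = ("privacy", "proxy", "redacted", "protected")
DATE_KEYS = ("creation date", "created on", "registered on")
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y")

# Constructed Whois responses (not real records); field names vary by registry.
RECENT = """Domain Name: playstation5-offers.example
Creation Date: 2020-11-20T09:14:02Z
Registrant Organization: Privacy Protection Service
"""
ESTABLISHED = """Domain Name: shop.example
Registered on: 14-Mar-2005
Registrant Name: Example Retail Ltd
"""

def parse_whois(text):
    """Return {lowercased key: first value} from 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def creation_date(fields):
    """Try the known key names and date formats; None if nothing parses."""
    for key in DATE_KEYS:
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(fields.get(key, ""), fmt)
                return parsed.replace(tzinfo=timezone.utc)
            except ValueError:
                continue
    return None

def red_flags(domain, whois_text, brands, now, max_age_days=90):
    """List the warning signs for one domain. brands maps term -> owner."""
    fields = parse_whois(whois_text)
    flags = []
    created = creation_date(fields)
    if created is None:
        flags.append("no readable registration date")
    elif (now - created).days < max_age_days:  # threshold is an assumption
        flags.append(f"registered {(now - created).days} days ago")
    registrant = " ".join(
        v for k, v in fields.items() if k.startswith("registrant")).lower()
    if any(hint in registrant for hint in PRIVACY_HINTS):
        flags.append("registrant hidden behind privacy/proxy service")
    for term, owner in brands.items():
        if term in domain.lower() and owner.lower() not in registrant:
            flags.append(f"uses brand term '{term}' but registrant is not {owner}")
    return flags

if __name__ == "__main__":
    now = datetime(2020, 11, 27, tzinfo=timezone.utc)
    for name, record in (("playstation5-offers.example", RECENT),
                         ("shop.example", ESTABLISHED)):
        print(name, red_flags(name, record, {"playstation": "Sony"}, now))
```

A hidden registrant on its own is a weak signal, because many legitimate registrations are also privacy-protected; it matters most in combination with a very recent registration date.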

As always, the need to exercise caution increases at this time of the year not just for consumers but also for brand holders. Unfortunately, the actions of the scammers have a consequential impact on the reputation of the brands. Stories about consumers being scammed when trying to buy their products or using their websites will scream their brand name, and so it is important that organisations also monitor the situation and take action swiftly to reassure consumers.

We’ve all faced enough problems in 2020 to not want more headaches and heartache this festive period.  Don’t let the fraudsters win – if something looks too good to be true, it probably is!