Beware of Terrifying LinkedIn Job Scams Preying on Job Seekers

Fraudulent job offers are now one of the most prolific and fastest-growing schemes in the U.S. ^[1]

They are employed using advanced forms of psychological trickery, social engineering and artificial intelligence (AI). The scale and sophistication of these job scams is terrifying. And they prey on human vulnerabilities.

---

Here’s what we discuss in this guide:

---

---

Harsh Reality: Job Scams Are Spreading Like Wildfire

According to the Federal Trade Commission (FTC), scams related to job opportunities cost Americans an estimated $490 million in 2023.^[2] This is more than a 450% increase from five years prior.^[3]

This figure does not even account for unreported cases or those reported to other sources. For instance, the Federal Bureau of Investigations’ (FBI) Internet Complaints Center separately reported more than 15,000 victims of employment scams in 2023, resulting in losses exceeding $70 million.^[4]

Given that most fraud goes unreported, these numbers likely represent only a fraction of the true magnitude.[5]

Why No One Is Immune to Fraud

Fraud has changed—no longer can we say “it won’t happen to me.” We’ve entered an era where even the sharpest minds can be duped.

Democratized technology, the prevalence of generative AI, and a shifting job market, among other factors, have enabled a new breed of highly deceptive scams. The tactics being deployed are unnervingly convincing, even to trained eyes.

Consider, for example, the largest crypto heist in history: the $615 million hack of Axie Infinity.

This heist is believed to have originated from a scheme where an organized group of hackers tricked an engineer into applying for a fake job on LinkedIn.

While the particulars of the initial breach are subject to debate, the explanation provided by The Block, which includes accounts from “two people with direct knowledge of the matter,” highlights several aspects that demonstrate the sophistication of contemporary job scams.^[6]

The Fake Job That Cost $600+ Million

In 2022, a blockchain project linked to Axie Infinity, one of the world’s most popular “play-to-earn” online games, made headlines as the target of a large-scale cyber-heist. The heist stole 173,600 Ethereum and 25.5 million USD coin in two transactions.

Based on research performed by The Block, it is believed that a senior engineer at Axie Infinity’s parent company, Sky Mavis, fell victim to a complex job scam orchestrated by experienced hackers. It was reported that the hackers contacted the engineer over LinkedIn posing as recruiters for a fictitious company. ^[7]

They engaged the engineer in multiple rounds of interviews and eventually offered him a job with an extremely generous compensation package.

The job offer was delivered in the form of a PDF document, which the engineer downloaded.

However, the document was laced with spyware that allowed the hackers to infiltrate Sky Mavis’ systems and gain access to the Ronin blockchain network that powers Axie Infinity. Once inside, the hackers were able to corrupt five of the nine validator nodes on the Ronin network, giving them control over the system.

This allowed them to steal more than $615 million worth of cryptocurrency from the game’s users.

Why Scams Succeed: Exploiting Human Psychology

In many instances, fraud goes undetected because it exploits human psychology, such as trust, desire, and urgency, leading victims to overlook red flags in the hope of gaining something desirable or avoiding a perceived loss. Scammers are adept at creating scenarios that pressure individuals into acting quickly, disregarding their usual critical thinking and verification processes.

While each case may vary in nature, the Sky Mavis example highlights several modern-day fraud scheme characteristics, including:

• Psychological Manipulation: The scheme employed social engineering techniques, manipulating the victim into believing they were engaging in a legitimate job recruitment process. The attackers created a convincing narrative that appealed to the engineer’s professional aspirations.
• Exploitation of Trust: The attackers exploited the inherent trust individuals place in professional networking platforms and the prospect of career advancement. The engineer likely did not question the authenticity of the recruiter’s LinkedIn profile.
• Personalization: The scammers tailored their approach to the specific victim, understanding that a senior engineer at Axie Infinity would probably be drawn to a high-profile job opportunity and enticed by a well-crafted offer.

A lucrative job opportunity is a highly effective vehicle for committing fraud. Often, the job-search process involves a sense of urgency—and at times, even desperation. An exciting employment offer is the perfect carrot. Graphic 1 depicts some of the key vulnerabilities that criminals exploit:

Graphic 1: Why Job Seekers Are Vulnerable to Scams

Fraudsters tend to target reputable platforms to present their “offers.” LinkedIn, for instance, is a respected hub for professional networking, job searching, and career development. The high concentration of highly motivated individuals sharing personal information makes it an ideal hunting ground for scammers to exploit trust and manipulate emotions, all under the guise of legitimate opportunities.^[8]

Deep Dive: How Savvy Scammers Use LinkedIn

For the period from July to December of 2023, LinkedIn detected more than 63 million fake accounts.[9] While LinkedIn catches the vast majority of scam efforts, and works hard to stop fraud, some scammers slip through the cracks. The incredible speed and effectiveness of AI tools play a part. They help savvy fraudsters bypass LinkedIn’s security measures, and deceive LinkedIn users at scale.

A SIMPLIFIED EXAMPLE

The following is an illustration of how cyber criminals may use LinkedIn to perpetrate a job scam:

PART I: WARMING UP

• Creating Convincing Profiles: Fraudsters often start with a detailed LinkedIn profile, impersonating recruiters or representatives of well-known companies. This includes professional photos, work history and endorsements to enhance credibility. They may use stolen identities or fabricate credentials to appear legitimate. In other instances, they may coerce innocent third parties into assisting them.
• Messaging Users: The start of a scam typically involves a direct message on LinkedIn, targeting job seekers with offers that seem too good to refuse. The message often praises the job seeker’s skill set as a perfect match for a position. This flattery serves as a psychological hook to engage the potential victim.
• Phishing Through Job Listings:  Scammers may post attractive job listings or send phishing emails that mimic real opportunities. Once a job seeker shows interest, they may be asked for personal information, bank details, or even an upfront payment for job processing or training.

PART II: ADVANCED TRICKERY

• Mimicking Formal Processes: To maintain the illusion of legitimacy, scammers may conduct sham interviews and send official-looking job offers, complete with company logos and branding. This step is designed to lower the job seeker’s defenses.
• Requesting Sensitive Information: During the supposed hiring process, scammers may request sensitive information under the pretext of background checks or employment paperwork. This may include banking details, personal identification photos, or social security numbers.
• Soliciting Payments: Job seekers may be asked to pay for materials or equipment (e.g., computers, iPads, mobile phones), with promises of reimbursement.
• Employing Advanced Psychological Tactics: Scammers may employ advanced psychological tactics, such as creating a sense of urgency or using persuasive language to push job seekers into making quick decisions without proper verification.

PART III: ANYTHING GOES

• Utilizing ‘Romance’ Techniques: In some cases, scammers may employ tactics used in romance scams, which the FBI defines as adopting “a fake online identity to gain a victim’s affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim.”^[10]

Romance scams are more common on dating sites and social media. However, in the context of job scams, swindlers may use a job opportunity as an opening to initiate a dialogue and use attractive photos along with engaging language to instill as sense of allure or companionship. The intent is to cultivate a relationship, using strong emotions to facilitate a bond. The conversation then takes a personal turn, which eventually results in a financial request.

The Role of Generative AI in Job Scams

AI tools are becoming increasingly popular in the realm of fraud. Natural language processing algorithms, for instance, have the capacity to fabricate convincing professional histories and endorsements, rendering a fraudulent LinkedIn profile almost indistinguishable from a legitimate one.

Advanced image generation tools like DALL-E can be used to create lifelike profile pictures, circumventing the risk of using a photo of a real person who might recognize themselves and report the fraud.  

In more elaborate scams, fraudsters may generate images of credentials, certificates, or even office environments to add authenticity to their narrative.

Chatbots, such as ChatGPT powered by GPT-4, may be used to craft messages that are not only personalized but also resonate with the aspirations and skills of the recipients. This personal touch is what often reels in the job seeker.

As interactions progress, AI may also be used to refine the scam as follows:

• Machine Learning Models: Tools like TensorFlow or PyTorch can analyze interaction data and fine-tune engagement strategies, ensuring that scams dynamically adapt to the responses of their targets.
• Sentiment Analysis: Tools like IBM Watson Tone Analyzer and Google’s Cloud Natural Language API can assess the emotional tone of communications, allowing for real-time adjustments to the scammer’s approach.

In phishing campaigns, scammers may use AI to determine which job descriptions or interview invitations garner the most attention, and then craft more effective and enticing communications.

Custom AI algorithms, built on machine learning platforms, have the potential to analyze the success rates of various phishing approaches to improve the methods used in emails and job listings. Additionally, the use of AI-generated personalized documents, with authentic-looking company logos and signatures, help establish the illusion of legitimacy.

DEEPFAKES ARE A SERIOUS CONCERN

Example: Why Deepfakes are a Concern for Scams

The darker side of AI emerges with identity theft and deepfakes:

• Deepfake Technology: Utilizing generative adversarial networks (GANs), scammers are able to create hyper-realistic videos and voice recordings, such as those made possible with tools like DeepFaceLab.

As alluded to earlier, AI can be used to test different strategies to bypass state-of-the-art security measures on platforms like LinkedIn. This form of “adversarial AI” is particularly concerning, as it seeks out weaknesses in fraud detection systems, allowing scammers to modify their methods and operate unnoticed.

The actual tools used by scammers are often proprietary or modified versions of legitimate software, designed to avoid detection. 

For instance, tools like FraudGPT, WormGPT and DarkBERT are based on legitimate counterparts but are tailored for illicit activities on the dark web.^[11]

How To Protect Yourself from Being Scammed

The best defense against fraud is awareness. While it’s not always possible to avoid being a target, there are ways to mitigate the threat through vigilance and caution.

This involves a) learning the red flags, b) protecting yourself from scam tactics, c) scrutinizing communications, d) engaging only with trusted and credible sources, e) guarding personal information, f) reporting suspicious activity, g) trusting your instincts, and h) leveraging technology.

Familiarize Yourself with the Red Flags

Before responding to potential job opportunities, review the latest job scam red flags, such as those described by the FBI, Federal Trade Commission (FTC), BBB and LinkedIn. Graphic 2 provides a summary.

Graphic 2: Job Scam Red Flags

Perform Basic Due Diligence

If you’re unsure about the soundness of a company or person associated with a job opportunity, it’s worth doing research.

Scan the person’s profile picture using Google Images to see what surfaces. Look for areas on their LinkedIn profile, such as employment history or education that can be corroborated with a trusted third-party source. Determine when their profile was created by identifying the earliest activity, such as a post or comment.

If you don’t see activity beyond a month, be skeptical. Review the information on their LinkedIn page as a whole. Compare the details with other social media channels.

• Are there online profiles other than LinkedIn?
• Do you notice any inconsistencies or questionable details?

Trust your gut. If the profile lacks substantive information, doesn’t include a verification badge, and has a low follower count, it might be risky.

If you’re still curious, dive deeper. Conduct an internet search using the name of the company or contact person along with the terms “fraud,” “scam,” “fake,” or “complaint” and examine the results.  Is there evidence that the individual is affiliated with the employer?

Check the Better Business Bureau (BBB) directory for the company’s name. Assess internet search results for consistency, good standing and longevity. Reach out to the company independently using information you’ve found on your own to verify the job’s legitimacy.

In general, if there is insufficient information to draw a conclusion, exercise caution.

Utilize AI-Powered Solutions for Enhanced Due Diligence and Automated Protection

AI-powered tools, including those related to communication analysis, automated website safety scanning, cybersecurity, and identity theft monitoring, can offer a crucial layer of protection against job scams and employment fraud. Below are examples of how these tools can be used:

On-Demand Email and Communication Analysis:

AI-powered tools, such as Bitdefender’s Scamio, can perform instant scans to scrutinize text, links, and attachments within communications to detect hallmarks of phishing attempts and other fraudulent activities. By analyzing patterns and inconsistencies typically associated with scams, these tools are able to deliver early warnings to users, helping prevent engagement with malicious entities. Job seekers can use these tools to check suspicious job listings, links and messages they receive.

Automated Cybersecurity Protection: 

Utilizing advanced algorithms and AI to detect and thwart potential security breaches, the latest cybersecurity solutions are adept at monitoring online activities and guarding against unauthorized access to personal data. By offering features like real-time threat detection, VPN access, data encryption, and website scanning capabilities, reputable brands such as Norton, McAffee and ESET help individuals safeguard their digital assets. Many of these companies offer free extensions, plugins and mobile applications with threat scanners that automatically block suspicious pages, links, and forms directly from your web browser.

Ongoing Identity Theft Monitoring:

Services like Aura and LifeLock offer continuous identity theft protection with AI-powered digital security tools. These services monitor the web—including the dark web—for signs of fraudulent use of your personal information and alert you to potential threats. Job seekers can subscribe to such services for additional peace of mind.

FINAL THOUGHT: An Ounce of Prevention

We all have emotions—hope, fear, excitement—that make us human. Unfortunately, fraudsters exploit these very emotions when targeting job seekers. Worse, they are continually refining their tactics.

LinkedIn is by no means the only platform used as a stalking zone. Indeed, Facebook and job boards are also common. No avenue is off-limits for a potential scam.

Fortunately, raising awareness and sharing experiences can help others to avoid falling victim to insidious schemes. In the United States, there are several channels for reporting job scams:

• FTC: The FTC has a dedicated website where you can file a complaint about a job scam or any other type of fraud.^[12]
• BBB: The BBB’s Scam Tracker allows you to report scams and warn others about fraudulent activities.^[13]
• State Attorney General’s Office: Each state has an Attorney General’s office that investigates consumer complaints, including job scams. You can find contact information for your state’s office online.
• Reporting to platforms: If the scam occurred on a specific platform, such as LinkedIn, Indeed or a job board, you can report it directly through the platform’s website or app.
• Alerting companies: If a company’s name or branding is being used fraudulently in a job posting, you can inform the company about the misuse through their official website or customer service channels.

By remaining vigilant, trusting our instincts, and adopting proactive measures, we can safeguard ourselves and empower others.

An ounce of prevention is worth a pound of cure when it comes to avoiding job scams.

---

Editor’s note: A variation of this article was originally published in ACAMS Today – The award-winning publication and magazine for career-minded professionals in the anti-financial crime field, dedicated to empowering individuals across the globe with the knowledge and skills to prevent financial crimes.

---

[1] Ryan Heath and Sam Sabin, “Job scams skyrocket,” Axios, January 30, 2024, https://www.axios.com/2024/01/30/job-scams-employment-fake-offers

[2] “Consumer Sentinel Network Data Book 2023,” Federal Trade Commission, February 2024, https://www.ftc.gov/system/files/ftc_gov.pdf

[3] “Consumer Sentinel Network Data Book 2019,” Federal Trade Commission, January 2020, https://www.ftc.gov/system/reports/consumer-sentinel-network.pdf

[4] “2023 Internet Crime Report,” Internet Crime Complaint Center, February 13, 2024, https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf

[5] Ianzito, Christina, “Fraud Is at ‘Crisis’ Level, AARP Survey Finds,” AARP, May 17, 2023, https://www.aarp.org/money/scams-fraud/info-2023/fraud-awareness-survey.html

[6] “How a fake job offer took down the world’s most popular crypto game,” The Block, July 7, 2024, https://www.theblock.co/how-a-fake-job-offer-took-down-crypto-game

[7] McMillan, Robert and Volz, Dustin, “How North Korea’s Hacker Army Stole $3 Billion in Crypto, Funding Nuclear Program,” The Wall Street Journal, June 11, 2023, https://www.wsj.com/articles/hacker-army

[8] Norris, G., Brookes, A. & Dowell, D. The Psychology of Internet Fraud Victimisation: a Systematic Review. J Police Crim Psych 34, 231–245 (2019). https://doi.org/10.1007/s11896-019-09334-5

[9] “Community Report,” LinkedIn, December 31, 2023, https://about.linkedin.com/transparency/community-report#fake-accounts”

[10] “Romance Scams,” FBI, https://www.fbi.gov/romance-scams

[11] Burt, Jeffrey, “After WormGPT and FraudGPT, DarkBERT and DarkBART are on the Horizon,” Security Boulevard, August 1, 2023, https://securityboulevard.com/fraudgpt

[12] Report Fraud, Federal Trade Commission, https://reportfraud.ftc.gov

[13] Scam Tracker, Better Business Bureau, https://www.bbb.org/scamtracker