FBI Warns Cyber Criminals Are Using Fake Job Listings to Target Applicants’ Personally Identifiable Information

Source: Federal Bureau of Investigation (FBI) State Crime News

Press release available in both English and Spanish.

Scammers advertise jobs the same way legitimate employers do—online (in ads, on job sites, college employment sites, and social media), in newspapers, and sometimes on TV and radio. They promise you a job, but what they want is your money and your personal information.

Fake Job or Employment Scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals leverage their position as “employers” to persuade victims to provide them with personally identifiable information (PII), become unwitting money mules, or to send them money.

Fake Job Scams have existed for a long time but technology has made this scam easier and more lucrative. Cyber criminals now pose as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards. They conduct false interviews with unsuspecting applicant victims, then request PII and/or money from these individuals. The PII can be used for any number of nefarious purposes, including taking over the victims’ accounts, opening new financial accounts, or using the victims’ identity for another deception scam (such as obtaining fake driver’s licenses or passports).

Criminals first spoof a legitimate company’s website by creating a domain name similar in appearance to a legitimate company. Then they post fake job openings on popular job boards that direct applicants to the spoofed sites. Applicants can apply on the spoofed company websites or directly on the job boards. Applicants are contacted by email to conduct an interview using a teleconference application. According to victims, cyber criminals impersonate personnel from different departments, including recruiters, talent acquisition, human resources, and department managers.

Cyber criminals executing this scam request the same information as legitimate employers, making it difficult to identify a hiring scam until it is too late. Some indications of this scam may include:

  • Interviews are not conducted in-person or through a secure video call.
  • Interviews are conducted via teleconference applications that use email addresses instead of phone numbers.
  • Potential employers contact victims through non-company email domains and teleconference applications.
  • Potential employers require employees to purchase start-up equipment from the company.
  • Potential employers require employees to pay upfront for background investigations or screenings.
  • Potential employers request credit card information.
  • Potential employers send an employment contract to physically sign asking for PII
  • Job postings appear on job boards, but not on the companies’ websites.
  • Recruiters or managers do not have profiles on the job board, or the profiles do not seem to fit their roles.

According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million. In 2020, Texas reported 1,720 victims reported $4.5 million in losses. There were 69 victims in El Paso totaling $721,600 in losses. As of March 5, 2021, 2,349 victims had already reported $5 million in losses nationwide, 244 victims in the state of Texas with a loss of $1.5 million. In El Paso, there were eight victims reporting $31,928 in losses. Midland/Odessa reported 10 incidents in 2020 totaling $71,500 and zero complaints in 2021. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores.

How to Protect Yourself

  • Conduct a web search of the hiring company using the company name only. Results that return multiple websites for the same company (abccompany.com and abccompanyllc.com) may indicate fraudulent job listings.
  • Legitimate companies will ask for PII and bank account information for payroll purposes AFTER hiring employees. This information is safer to give in-person. If in-person contact is not possible, a video call with the potential employer can confirm identity, especially if the company has a directory against which to compare employee photos.
  • Never send money to someone you meet online, especially by wire transfer.
  • Never provide credit card information to an employer.
  • Never provide bank account information to employers without verifying their identity.
  • Do not accept any job offers that ask you to use your own bank account to transfer their money. A legitimate company will not ask you to do this.
  • Never share your Social Security number or other PII that can be used to access your accounts with someone who does not need to know this information.
  • Before entering PII online, make sure the website is secure by looking at the address bar. The address should begin with “https://”, not “http://”.
    • However: criminals can also use “https://” to give victims a false sense of security. A decision to proceed should not be based solely upon the use of “https://”.

If you are a victim of an employment scam, the FBI recommends taking the following actions:

  • Report the activity to the Internet Crime Complaint Center at www.ic3.gov or the FBI El Paso Office at (915) 832-5000.
  • Report the activity to the website in which the job posting was listed.
  • Report the activity to the company the cyber criminals impersonated.
  • Contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions.
  • Ask your financial institution to contact the corresponding financial institution where the fraudulent or suspicious transfer was sent.

If you believe you, or someone you know, is a victim of an employment scam, please contact the FBI El Paso Field Office at (915) 832-5000 or visit the FBI’s Internet Crime Complaint Center at ic3.gov.


 

El FBI Advierte Sobre Delincuentes Cibernéticos Que Anuncian Empleos Falsos Para Robar Su Información Personal

Existen estafadores que publican puestos falsos de trabajo de la misma manera en que empleadores legítimos lo hacen, por medio del Internet (anuncios, sitios de trabajo, sitios de trabajo de colegios, y medios sociales), por periódicos, y a veces por medios de la radio y televisión. Prometen un trabajo, pero lo que buscan es obtener su dinero y su información personal.

Un empleo falso o engaño de empleo es cuando los delincuentes hacen creer a sus víctimas que tienen un trabajo o que existe la posibilidad de un empleo para ellos. Los delincuentes se hacen pasar como “Empleadores” para persuadir a sus víctimas a proveerles información personal identificable (PII) para convertirlos en mulas de dinero, o para que les envíen dinero a ellos.

Los engaños de trabajos falsos han existido por mucho tiempo, pero la tecnología ha facilitado este tipo de fraude y lo ha hecho más lucrativo. Los delincuentes cibernéticos ahora se hacen pasar por empleadores legítimos al falsificar los sitios web de compañías y publican ofertas falsas de trabajo en sitios populares del Internet. Llevan a cabo entrevistas falsas con las víctimas y luego les piden dinero o su identificación personal. Su identificación personal puede ser utilizada en un sinnúmero de propósitos maliciosos, incluyendo el tomar posesión de sus cuentas bancarias, abrir nuevas cuentas bancarias, o utilizar la identidad de la víctima para otros fraudes engañosos (obtener licencias de conducir fraudulentas o pasaportes).

Los delincuentes inicialmente logran falsificar el sitio web de una compañía legítima para crear un dominio web similar en apariencia al de la compañía legítima. Luego crean portales falsos de empleo en sitios web populares que dirigen a los solicitantes a los sitios web que falsificaron. Los interesados hacen su solicitud en estos sitios web que falsificaron o en los portales de trabajo. Los solicitantes son contactados por correo electrónico para llevar a cabo la entrevista utilizando una aplicación para una teleconferencia. De acuerdo a varias víctimas, los delincuentes cibernéticos se hacen pasar por personal de diferentes departamentos, incluyendo reclutadores, agentes de adquisición de talento, personal de recursos humanos y gerentes de departamentos.

Los delincuentes cibernéticos que ejecutan este fraude piden la misma información que los empleadores legítimos, lo cual dificulta el poder detectar el fraude de empleo hasta que ya es muy tarde. Algunas indicaciones de este fraude pueden incluir:

  • Las entrevistas no se hacen en persona o por medio de una video llamada segura.
  • Las entrevistas se hacen a través de aplicaciones de teleconferencia que usan correo electrónico en lugar de números telefónicos.
  • Los supuestos empleadores se comunican con las víctimas por medio de dominios de correos electrónicos o aplicaciones de teleconferencia que no son de una compañía.
  • Los supuestos empleadores requieren que sus aspirantes compren equipo de la compañía antes de comenzar a trabajar.
  • Los supuestos empleadores requieren que los aspirantes paguen de antemano por investigaciones de antecedentes o evaluaciones.
  • Los supuestos empleadores piden información de su tarjeta de crédito.
  • Los supuestos empleadores envían un contrato físico de empleo para que lo firmen y provean información personal identificable (PII).
  • Los portales de trabajo aparecen en los sitios de trabajo por Internet, pero no en los sitios web de las compañías.
  • Los perfiles de los reclutadores o gerentes no aparecen en los portales de trabajo por Internet o no concuerdan con sus puestos.

De acuerdo con el Internet Crime Complaint Center del FBI (IC3), 16,012 personas reportaron ser víctimas de ofertas fraudulentas de trabajo en el 2020; esas pérdidas suman a más de 59 millones de dólares. En el 2020, Texas reportó 1,720 víctimas y 4.5 millones de dólares en pérdidas. Hubo 69 víctimas en El Paso y pérdidas de 721,600 dólares. Para el 5 de marzo del 2021, ya había 2,349 víctimas y pérdidas de 5 millones de dólares a través del país; de estas, 244 víctimas en el estado de Texas con una pérdida de 1.5 millones de dólares. Hubo ocho víctimas en El Paso con 31,928 dólares en pérdidas. Midland/Odessa reportó 10 incidentes en el 2020 con pérdidas de 71,500 de dólares y cero quejas en el 2021. El promedio de pérdidas reportadas es de casi 3,000 dólares por víctima, sin mencionar el daño ocasionado a su calificación de crédito.

Cómo Protegerse

  • Conduzca una búsqueda de la compañía que ofrece el trabajo utilizando únicamente el nombre de la compañía. Si los resultados revelan múltiples sitios de Internet para la misma compañía (abccompany.com y abccompanyllc.com), esto pudiera indicar una oferta de trabajo falsa.
  • Las compañías legítimas pedirán su información personal identificable e información de su cuenta bancaria para el propósito de nóminas salariales DESPUÉS de haber contratado al empleado. Esta información es más segura darla en persona. Si el contacto en persona no es posible, una video llamada con el empleador puede confirmar la identidad, especialmente si la compañía tiene un directorio para comparar las fotos de sus empleados.
  • Nunca envié dinero a alguien que conoce por Internet, especialmente por una transferencia bancaria electrónica.
  • Nunca provea su información de tarjeta de crédito a su empleador.
  • Nunca provea información de su cuenta bancaria a empleadores sin antes verificar su identidad.
  • No acepte ofertas de trabajo que le pidan usar su cuenta bancaria para ellos hacer transferencias de dinero. Una compañía legítima jamás le pedirá que haga esto.
  • Nunca comparta su número de Seguro Social u otra forma de información personal que pudiera utilizarse para tener acceso a sus cuentas bancarias con alguien que no tiene la necesidad de saber esta información.
  • Antes de proveer su información personal identificable por Internet, asegúrese que el sitio web sea seguro mirando la dirección del sitio web. La dirección debe comenzar con https:// y no con http://.
    • Sin embargo: Los delincuentes pudieran también usar el https:// para dar a las víctimas una sensación falsa de seguridad. La decisión de continuar no debe basarse únicamente en el uso de https://.

Si es víctima de ofertas de empleos fraudulentos, el FBI recomienda que tome las siguientes medidas:

  • Reporte el incidente al Internet Crime Complaint Center en www.ic3.gov o a la Oficina del FBI en el Paso al (915) 832-5000.
  • Reporte el incidente al sitio web donde la oferta de empleo fue anunciada.
  • Reporte el incidente a la compañía que los delincuentes cibernéticos personificaron.
  • Comuníquese con su institución financiera de inmediato al descubrir algún fraude o actividad sospechosa y solicite que detengan o reviertan las transacciones.
  • Pídale a su institución financiera que se comunique con la institución financiera correspondiente donde el fraude o la transferencia sospechosa fue enviada.

Si usted cree que usted o alguien que conoce fue víctima de un engaño de empleo, por favor comuníquese con la Oficina del FBI en El Paso al (915) 832-5000 o visite el Internet Crime Complaint Center del FBI en ic3.gov.

North Texas Regional Computer Forensics Laboratory New Location Opens in Dallas

Source: Federal Bureau of Investigation (FBI) State Crime News

DALLAS—The FBI and members of the Local Executive Board of the North Texas Regional Computer Forensics Laboratory (NTRCFL) held a grand opening open house today, May 11, 2021, to commemorate the new NTRCFL in Dallas, Texas.

The RCFL program has evolved from a single pilot project laboratory established in San Diego in 1999 to a national network of digital forensic laboratories today.

Located in downtown Dallas, the NTRCFL was established in 2000, and is one of 17 laboratories in the country, serving as a full-service digital forensics laboratory and training center devoted entirely to the examination of digital evidence. It moved into its new location in January 2021.

The FBI provides the facility, equipment, and training for the NTRCFL. Along with the FBI, five participating agencies detail the staff who work at the lab. The participating agencies are: Dallas Police Department, Plano Police Department, Richardson Police Department, and Frisco Police Department. Naval Criminal Investigative Service (NCIS) is also an agency partner.

Today’s open house provided an opportunity to celebrate the partnerships that comprise this vital resource for law enforcement agencies throughout North Texas.

Dallas FBI Special Agent in Charge Matthew J. DeSarno welcomed guests and commended the NTRCFL’s achievements, “The North Texas region wins by being home to one of the world’s most advanced state-of-the-art digital forensics examination facilities. I am grateful for the partnership of the Dallas, Plano, Richardson, and Frisco police departments and the Naval Criminal Investigative Service. Our combined commitment of personnel and resources force multiplies our ability to solve crimes with mobile and digital evidence in the communities we serve.”

The national RCFL program represents one of law enforcement’s most successful partnership initiatives. Individuals from over 140 different agencies work side-by-side in the RCFLs to provide expert digital forensic services to any law enforcement agency in a lab’s service area. Those assigned to the RCFL undergo extensive training to become FBI-certified as computer forensics examiners and must strictly adhere to the laboratory’s quality standards.

For more information on the NTRCFL, visit www.rcfl.gov/north-texas

FBI Seeks Identities of Seven Individuals Sought in Connection with Arson Incidents in Philadelphia Last May 30; Reward Offered

Source: Federal Bureau of Investigation (FBI) State Crime News

On Saturday, May 30, 2020, various individuals sought to use peaceful protests in Philadelphia as cover to commit violent criminal acts, including arson.

The FBI is asking for the public’s assistance in identifying seven individuals who are being sought in connection with such arson incidents.

We are offering a reward of up to $10,000 for information leading to the identification and arrest of these individuals.

A “Seeking Information” poster and additional photos featuring these individuals are below and have been posted to FBI.gov.

Anyone with information is asked to call the FBI at 215-418-4000. Tips can also be electronically submitted at tips.fbi.gov.

Oregon FBI Tech Tuesday: Building a Digital Defense Against Unwanted Apps

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against unwanted apps!

Did you forget your password again? You know you are supposed to create complex and unique passwords for everything, which makes it really difficult to remember what they all are. Luckily, more and more sites are offering you the chance to log in with your Facebook or Google, or another digital account. Seems easy, right?

It is definitely easier to collect and become registered on more and more websites and apps if you go this route—but our friends at the FTC have a warning for you. This kind of open access can leave you vulnerable to cyberattacks, phishing, and scams. When you use social media accounts to sign up for apps or websites, you may give the app or website permission to do things on your behalf, like post to your social media page. You’re also possibly saying it’s OK to access information like your name, birthdate, location, contacts, and even your messages. Over time, you may even forget which apps or sites have these permissions.

Here’s how to keep yourself safe:

  • Start by asking yourself—does this site or app really need my info? Pay attention to what kind of details and access it is asking for. If you are uncomfortable allowing access, click “deny” or “disagree” when it asks for permissions. This typically stops the registration process.
  • Purge your permissions list. Go to the settings on your social media site and follow the instructions that lead you to the list of sites and apps to which you are granting access. Follow the instructions that tell you how to remove those apps or sites.
  • Delete all apps from your devices that you are not using.
  • Keep up the good work! Check your accounts every few months to see what kinds of permissions your programs or apps have.

If you are the victim of online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at  www.ic3.gov or call your FBI local office.  

Oregon FBI Tech Tuesday: Building a Digital Defense Against Adult Content Extortion

Source: Federal Bureau of Investigation (FBI) State Crime News

Welcome to the Oregon FBI’s Tech Tuesday segment. Today: Building a digital defense against adult content extortion schemes.

Extortion schemes are as old as time, but in recent years we’ve seen a number of scams in which the fraudster says he has photos or videos of the victim in compromising positions. Usually, the victim receives an email with his or her name listed and maybe some personal details—just enough to make it seem as though the bad guy really has something on you. He demands payment, often within 48 hours, or he threatens to release the images he allegedly has of you to your friends and family.

Well lately, we’ve been seeing a number of extortion complaints from Oregonians coming in through the FBI’s Internet Crime Complaint Center, and these complaints have a few new twists. The fraudster attaches a document or photo showing what, he says, is his proof. That attachment is likely loaded with malware that will infect your device if you click on it.

This new scammer also threatens that he will block your access to your device and social media accounts—much like a ransomware attack—if you choose to ignore his warning. And, while bad spelling and syntax are common, these particular messages come with a distinctly English take on things. In particular, the fraudster is using common British words or phrases to describe sex acts as opposed to what you might hear more commonly in the U.S.

Here are some ways to protect yourself:

  • Don’t open emails or attachments from unknown people and don’t communicate with those who send unsolicited messages. 
  • Don’t store sensitive or embarrassing photos or information online or on your mobile devices. 
  • Use strong passwords and don’t use the same password for multiple websites. 
  • Never provide personal information of any sort via email. Be aware that many fraudulent emails requesting your personal information appear to be legitimate. 
  • Make sure you have activated the security settings for social media accounts and that they are set at the highest level of protection. 
  • Cover up your camera. A simple piece of colored tape or a sticky note will do the trick.

Note: The FBI does not condone the payment of online extortion demands as the funds will facilitate continued criminal activity.

If you are the victim of online fraud, you should report the incident to the FBI’s Internet Crime Complaint Center at  www.ic3.gov or call your FBI local office.