Even though South Africa’s official unemployment rate decreased marginally in the fourth quarter of last year with 169 000 jobs gained in the period, the number of unemployed persons increased by 28 000 to reach 7.8 million. Given the current economic environment, Kaspersky is warning of the risk of cybercriminals exploiting people’s need to find meaningful employment by targeting them in increasingly sophisticated scams.
In Africa, 8.7% of individuals and corporate users were affected by phishing last year. This is according to Kaspersky’s Spam and Phishing in 2022 report. Closer to home, 9.7% of South Africans experienced phishing attacks. While these spam and phishing attacks are not technically complex, they rely on advanced social engineering tactics and often leverage topics or points of interest relevant to a particular market. The Internet, social networks, cryptocurrencies and, of late, the upsurge in remote working – all gives cybercriminals the tools they need to get up to no-good with recruitment fraud.
Kaspersky has compiled a few tips to help those looking for jobs to spot scammers and mitigate against the risk of being successfully targeted by phishing attacks.
- Honest employers do not ask workers for money
No matter what the payment is called – prepayment for equipment, training fees, purchase of certification materials, a registration fee, background screening or security deposit – the requirement to invest your own money is the biggest, clearest sign that you are being ‘hired’ by fraudsters.
- Scammers exploit famous brands
Maybe a recruiting or consulting company is looking for someone to work for a large, prestigious company, or even a government department. While this does happen, it is important to check that the recruiters actually work at the company and that at least one interview involves employees of the company itself. It also makes sense to check the jobs section of the brand’s website. It is a potential warning sign if the job is not listed there.
- Scammers actively use phishing
It is not uncommon for fake HR employees to correspond from accounts resembling corporate addresses, but which are actually hosted on phishing domains or free e-mail like Gmail. Even if a person is diligent about verifying links and addresses, it is advisable to install a reliable security solution, such as Kaspersky Premium, that will warn them if they are trying to follow a malicious link and block it.
- How did the employer find out about you?
The answer to this question is also important. An attractive and unexpected job offer received especially over SMS and email when a person is not searching for a job is suspicious. And if a person is looking for work and putting their resume and contact information on job sites, scammers may be using those details to get in touch. A person must therefore always be on their guard.
- Do not give personal information in advance
An employment contract is usually signed on the first day at work. If the company is asking for detailed information such as your banking details, ID number, and so on, before the person starts working there, it is advisable not to share it.
“Much like anything in today’s digital world, vigilance, common sense, and checking up on company’s during the recruitment process are the most reliable ways a person can protect themselves against becoming victims of cybercrime,” says Brandon Muller, technology expert and consultant for the MEA region at Kaspersky.