
Hackers faked our job ads: what happened and how not to become a phishing scam victim

Jul 2020

After someone unexpectedly turned up for a job interview at our London office that was closed at the time due to COVID-19, we realised Bit Zesty was a victim of an elaborate impersonation by hackers who placed fake job adverts in our name. 

Scams and frauds through job ads are not new, but unfortunately they are increasing. Which.com lists common types of scams, such as advance-fee scams, premium-rate phone scams, money laundering and salary-payment scams. However, this particular type of scam is gaining popularity and uses job ads as a way to target the applicants’ personally-identifiable information. In January, the FBI put out a bulletin warning people about this type of scam.

What happened

Bit Zesty experienced this scam first-hand after a job candidate we definitely weren’t expecting turned up for an interview at our London office. We closed our London office before lockdown, and the team have been working fully remotely ever since. We’re conducting all job interviews remotely, too. Someone turning up in person was a red flag. 

After some confusion, we asked the applicant to forward the email communication they’d received from us. But that email communication wasn’t from us at all. That’s when we discovered scammers were using our name to conduct fake job interviews.

How the scam works

Hackers copied an older job listing of ours, using our logo and job description to make it look believable. They then impersonated us to get applicants to share identity information.

In our instance, they created a new Glassdoor profile using the domain bitzesty.digital – a domain they bought for the scam. Glassdoor aggregates all jobs from accounts with similar domains, so the fake job ad then also appeared under our real Glassdoor account. To make matters worse, indeed.com had scraped the fake job ad from Glassdoor and displayed it on our real Indeed profile, too. Both of these actions made the scam job look even more legitimate.

But why would job boards do that? Job boards have the aggregation and scraping functionalities to help multinational firms advertise jobs from different locations and offices – and domain names – under one profile. This can be a great help to large organisations. However, it also provides the opportunity for scammers to create domains that are similar to official domains and post fake job ads.

They also used one of our founders’ names and created an email address with the fake @bitzesty.digital to communicate with the applicants. 

From what we found out from some of the applicants, the scammers even conducted initial phone interviews to make the job advert seem real. They then put the ‘successful’ applicants through to the ‘next stage’ of the process, where an ‘identity check’ step was conducted via an email link to an identity verification app: Netverify by Jumio. We believe the scammers intended to steal personal information from the applicants. 

Unfortunately for the scammers, one of the applicants misunderstood that the initial interview was over the phone and, after looking up the address on our website, turned up at our offices – that’s when we realised something wasn’t right and started the investigation, and managed to stop the scam.

How we removed the ad from jobs boards 

As soon as we realised what was happening, we contacted the relevant jobs boards to remove the fake job ads. The original fake job ad was posted on 27th June. The applicant turned up at our office and we realised that it was a scam on the 1st July and informed Glassdoor and Indeed the same day. The fake job ads were removed from the jobs boards on 3rd July. 

Glassdoor was able to trace how many people had applied to the fake job and notify them by email. So far, we’re hopeful we were able to intercept the scam early enough to prevent further victims of identity theft. 

As we had enough proof of the scam, we also managed to get the bitzesty.digital domain name suspended.

We have reported this fraud to Action Fraud. If you have been affected, please report it at http://www.actionfraud.police.uk/fraud_protection/identity_fraud, quoting our reference number: NFRC200703742981

How not to fall victim to the scam

We’d like to reiterate to any future applicants that any communication from Bit Zesty will come from the domain ‘bitzesty.com’ and not any other domain. Also note that we are only conducting interviews remotely until further notice. Anyone who is in doubt, please email us on [email protected]

We will not ask you to prove your identity via documentation such as a driving licence or passport in the early stages of the interview process. We will only ask for proof of identity when we offer you a position and require your ID for legal reasons. Also, all communications from us will come from emails ending in @bitzesty.com and not any other domain.
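
The rule above (only addresses ending in @bitzesty.com are genuine) can be checked mechanically. The following Python is an added example, not code from Bit Zesty: it classifies the From header of a recruitment email as official, lookalike or unrelated. The sample headers, the misspelt domain and the 0.85 similarity threshold are assumptions made for illustration; only bitzesty.com and bitzesty.digital come from this post.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

OFFICIAL_DOMAIN = "bitzesty.com"       # the only sending domain named in the post
BRAND = OFFICIAL_DOMAIN.split(".")[0]  # "bitzesty"
SIMILARITY_THRESHOLD = 0.85            # assumed cut-off for near-miss spellings


def sender_domain(from_header):
    """Domain part of the address in a From header, lower-cased; '' if none."""
    _name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def classify_sender(from_header):
    """Return 'official', 'lookalike', 'unrelated' or 'unparseable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == OFFICIAL_DOMAIN:
        return "official"
    for label in domain.split("."):
        # Brand reused under another TLD, as a subdomain, or inside a longer label
        if BRAND in label:
            return "lookalike"
        # Near-miss spelling (swapped, dropped or added letter)
        if SequenceMatcher(None, BRAND, label).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike"
    return "unrelated"


# Constructed sample headers; only the first two domains appear in the post.
SAMPLES = [
    "Recruitment <jobs@bitzesty.com>",
    "Recruitment <jobs@bitzesty.digital>",
    "jobs@bitzesty.com.example.net",
    "HR <hr@bitzetsy.com>",
    "Someone <someone@example.org>",
    "not an address",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):12} {header}")
```

A From header that shows the official domain can still be forged, so this check complements the mail provider's SPF, DKIM and DMARC results rather than replacing them.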

Please note, while our selection process varies slightly for different positions, it usually involves at least two interviews as well as some tests. 

Finally, most companies, like us, list their jobs on their company websites, so if you are looking to apply for a job, I would recommend applying directly to the company.