Fake job scams are hard to stop at scale

Dec. 4, 2023
This often-overlooked security threat must be a part of any organization’s ERM planning

Stopping fake job scams at scale is very difficult to do, even when you have seemingly huge budgets and resources.

Microsoft, Facebook, and Apple each block hundreds of thousands to millions of attempts a day by attackers trying to create accounts on their platforms. Microsoft’s October 2023 Digital Defense Report stated that Microsoft blocks over 4,000 hacking attempts against Microsoft identities every second.

Fake identities created to do something malicious are known within the industry as synthetic identities. There are many millions of synthetic identities in the social media world, and many of them are used to run fake job scams.

Fake job scams come in two major flavors: those offering fake jobs and synthetic identities applying for or getting real jobs. Both are huge problems, and both are hard to detect and defend against. (Listen to the Security DNA Podcast for a more in-depth conversation on SecurityInfoWatch.com).

Fake Job Offerings

There are thousands of fake job offerings on all the major social media and job sites. In these cases, synthetic identities, usually posing as employers or hiring agents, approach potential job candidates. Oftentimes these fake hirers have read the potential victim’s resume or know about their current job, and they use that information to offer the “perfect” job: easy to do, perfectly aligned with the candidate’s interests, at above-market rates, with great benefits. The goal is to convince the victim they have been offered a grand job with “sky-is-the-limit” opportunities. The promise of a new, fantastic job is like the beginning of a great romantic relationship: surging endorphins, lots of promise, and a weakening of normal trust and defenses. This is exactly what the fake job scammers are counting on.

Most job scammers are looking for financial gain, either from the job candidate or from the candidate’s current employer, if they have one. Stealing from the job candidate usually happens in one of two ways. The first is tricking the candidate into downloading a trojan horse program, typically either a password-stealing trojan (very common) or a remote-access backdoor that the intruder can use however they like. The second is tricking the candidate into buying an expensive device, typically an iPad or iPhone, with their own money (they are told they will be quickly reimbursed) and then mailing it to the intruder. A common pretext is that the new company’s IT department needs to install company software on the device before the candidate can begin using it.

Sometimes the attacker is after far more money (or cryptocurrency) from the job candidate’s current employer. In that case they try to get a trojan horse program onto the candidate’s work computer, which is connected to the current employer’s network, and then use the remote backdoor to explore the employer’s systems, looking for useful login credentials, business email compromise opportunities, or cryptocurrency wallets and exchanges. North Korean nation-state attackers have stolen hundreds of millions of dollars using this technique, although they more often do it by posing as fake employees.

Fake Job Applicants

There are thousands, if not tens of thousands, of fake employees holding real jobs while posing as hardworking remote workers. They do so either to collect real paychecks they are not entitled to or to gain access to the employer’s systems to steal money or intellectual property. In some cases the candidate who interviews is genuinely knowledgeable and capable, but they are only there to get through the interview and technical screening; once hired, they hand the job off to a far less capable person for a cut of the salary. Many employers have complained that the person who showed up for work was not the very capable person they interviewed.

Another large fraction of fake employees involves workers from adversary nations concealing their true country of origin, either to earn salaries that sanctions make illegal to pay them or to gain access to the company’s financial or cryptocurrency accounts. Here are two related articles: https://www.businessinsider.com/north-korean-crypto-job-candidates-scammers-recruiters-2022-5 and https://www.bloomberg.com/news/articles/2022-08-01/north-koreans-suspected-of-using-fake-resumes-to-steal-crypto.

Note: Another problem is that of real remote employees getting hired at the same time at multiple full-time jobs, barely working the required hours at any of them, and collecting all the salaries until they are fired.

Problems at Scale

There are thousands to tens of thousands of fake employees and employers on most social media and job sites. Today, encountering a job scam is as ubiquitous and guaranteed as encountering the scammer who approaches you on Craigslist (i.e., more likely than not). Fake employers can be very difficult to spot because their profiles are often filled with information copied from real employers, and the jobs they offer can be real openings currently being advertised by the real employer. How can a job seeker tell whether the potential employer they are dealing with is a scammer? It can be tough.

All of the social media and job websites are trying their best to weed out fake employers and employees, but, again, it is tough even for the biggest vendors. Even as they discover and remove tens of thousands of existing scammers, new scammers figure out ways to circumvent the latest checks and the cycle begins all over again.

Defenses

The biggest defense is education. Every job-seeking candidate and employer should be aware of the huge challenges scammers present in the job-seeking world. Everyone should know the most common types of scams, how to recognize them, and how to mitigate and report them. You want both sides of the job-seeking adventure to have a healthy level of skepticism, especially when the job or the employee seems too good to be true. Most people who were successfully scammed later said there were signs that made them a little suspicious, such as the interviewer or interviewee not asking many questions or responding to everything with unqualified enthusiasm, but they let that initial skepticism go unverified.

If you are an employer, recognize that any full-time remote job is an opportunity for a fake employee to scam the company. If you hire a full-time remote worker, have that person come to a trusted physical company location (or a trusted agent of the company) to be interviewed in person, and have them bring the appropriate employment paperwork for verification before employment begins. Recognize that “perfect” employees with the perfect skills who are willing to take below-market salaries should be viewed with suspicion.

Similarly, job candidates should be suspicious of “dream jobs” where every answer works in your favor and the employer offers an above-market salary without asking many questions. You should never have to pay an upfront fee for things like purported “background checks,” buy company computers with your own money, or install software on your own computer as part of the hiring process. Be wary of any early attempt to move the conversation off the social media or job site’s official communication channel. Scammers often push you toward alternative channels, such as WhatsApp, precisely so that the platform’s anti-scam rules and monitoring no longer apply to them.

Any of these signs should be met with suspicion and prompt further investigation.

When in doubt, or better yet every time, call the involved employer at a known-good phone number or write to a known-good email address (obtained from the company’s official website or another independent source, not from the message that made the offer) to verify the job being offered, the persons involved in hiring for it, and the other job details. Get enough information to be sure the job is really from the company it claims to be from and is being offered by a legitimate representative. Do not take chances.
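The red flags listed in this section can be turned into a simple triage check that a job seeker, a recruiting team, or a mail-filtering pipeline can run over an offer message before anyone picks up the phone. The following is an added example written for this article, not code from KnowBe4 or from the author: it scores a message against pattern rules for off-platform contact, upfront fees, buy-your-own-device-and-get-reimbursed requests, install-this-software requests, and too-good-to-be-true language, and it checks whether the sender’s email domain is the employer’s known-good domain. The rule weights, the verdict thresholds, the domain names and the two sample messages are all assumptions constructed for the example; the known-good domain is meant to be supplied from an independent source, exactly as the verification step above describes.

```python
"""Red-flag triage for job-offer messages.

Added example for this article; not code from the original page or from
KnowBe4. Rules mirror the warning signs in the Defenses section. Weights,
thresholds, domains and sample messages are assumptions constructed here.
"""
import re
from dataclasses import dataclass, field

# (rule name, weight, pattern). Weights are an assumption; tune on your own data.
RULES = [
    ("off_platform_contact", 3,
     re.compile(r"\b(whatsapp|telegram|signal|text me|personal (cell|email))\b", re.I)),
    ("upfront_fee", 4,
     re.compile(r"\b(fee|deposit|pay(ment)?)\b.{0,60}"
                r"\b(background check|training|onboarding|equipment)\b", re.I)),
    ("buy_device_reimburse", 4,
     re.compile(r"\b(purchase|buy|order)\b.{0,60}\b(ipad|iphone|laptop|macbook|equipment)\b"
                r".{0,80}\b(reimburse|refund)", re.I | re.S)),
    ("install_software", 3,
     re.compile(r"\b(install|download|run)\b.{0,40}"
                r"\b(software|app|tool|client|package|attachment)\b", re.I)),
    ("too_good_to_be_true", 2,
     re.compile(r"\b(no interview|unlimited|guaranteed|above[- ]market|double your)\b", re.I)),
]
DOMAIN_MISMATCH_WEIGHT = 4  # assumption


def sender_domain_mismatch(sender_email: str, known_good_domain: str) -> bool:
    """True unless the sender's domain is the employer's known-good domain or a
    subdomain of it. Catches lookalikes ('example-careers.com') and free-mail
    addresses posing as corporate recruiters. known_good_domain must come from
    an independent source (official website, known-good contact), never from
    the offer message itself."""
    domain = sender_email.rsplit("@", 1)[-1].strip().lower()
    known = known_good_domain.strip().lower()
    return not (domain == known or domain.endswith("." + known))


@dataclass
class Assessment:
    score: int = 0
    flags: list[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # Thresholds are an assumption for the example.
        if self.score >= 6:
            return "likely scam"
        if self.score >= 3:
            return "verify before proceeding"
        return "no obvious red flags"


def assess_offer(message: str, sender_email: str, known_good_domain: str) -> Assessment:
    """Score one offer message. Every matched rule adds its weight and a flag."""
    result = Assessment()
    for name, weight, pattern in RULES:
        if pattern.search(message):
            result.flags.append(name)
            result.score += weight
    if sender_domain_mismatch(sender_email, known_good_domain):
        result.flags.append("sender_not_on_known_good_domain")
        result.score += DOMAIN_MISMATCH_WEIGHT
    return result


# Constructed sample messages (not real correspondence).
SCAM_MESSAGE = (
    "Congratulations! Your resume is a perfect fit and we are offering $145/hr, "
    "above-market, with no interview needed. To start, please download our "
    "onboarding software from the link below and purchase a MacBook Pro; HR will "
    "reimburse you within 48 hours. Text me on WhatsApp to continue."
)
LEGIT_MESSAGE = (
    "Thanks for applying. We would like to schedule a 45-minute video interview "
    "next week with the hiring manager, and we will send a calendar invitation "
    "from this address. Please reply with your availability; all communication "
    "will stay on this platform."
)

if __name__ == "__main__":
    # example.com is the assumed known-good employer domain.
    for label, msg, sender in [("scam", SCAM_MESSAGE, "hr-recruiting@example-careers.com"),
                               ("legit", LEGIT_MESSAGE, "recruiting@example.com")]:
        a = assess_offer(msg, sender, "example.com")
        print(f"{label}: score={a.score} verdict={a.verdict!r} flags={a.flags}")
```

A score of “verify before proceeding” or worse is the cue to make the known-good phone call described above; the check is a triage aid, not a replacement for it, and a message that scores clean can still be a scam that simply avoided these words.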


Roger A. Grimes is a Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, and author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences and is known for his often contrarian, fact-filled viewpoints.